SecurityScorecard’s STRIKE team has identified over 135,000 internet-exposed OpenClaw instances. That’s not a typo. One hundred thirty-five thousand AI agents, many with known vulnerabilities, sitting directly on the public internet.
“Our findings reveal a massive access and identity problem created by poorly secured automation at scale. Convenience-driven deployment, default settings, and weak access controls have turned powerful AI agents into high-value targets for attackers.” — STRIKE team
The attack surface is extensive. OpenClaw skills have been caught leaking API keys, credit card numbers, and PII (Personally Identifiable Information). Three high-risk CVEs dropped in recent weeks. The skill marketplace remains largely unvetted.
This is what happens when “vibe coding” meets production infrastructure. OpenClaw’s rapid viral growth — fueling those 135,000+ deployments — far outpaced security review. Users appear to be running default configurations with minimal access controls, creating a systemic failure pattern.
For enterprise security teams, this should be a wake-up call. Your employees are probably already experimenting with these tools. The productivity gains are real, but so are the risks.
The playbook here isn’t complicated but requires discipline: network segmentation for AI agent deployments, mandatory skill vetting before production use, strict access controls, secrets management, and monitoring for data exfiltration.
OpenClaw’s newly announced move to an OpenAI-supported foundation could help with security investment, but that’s speculative. Right now, the data speaks for itself: tens of thousands of vulnerable agents are live on the internet, and attackers have noticed.