Blog, Research, STRIKE February 9, 2026 Beyond the Hype: Moltbot’s Real Risk Is Exposed Infrastructure, Not AI Superintelligence STRIKE Uncovers Widespread OpenClaw (Moltbot) Exposure Across the Internet Why are AI agents becoming a new attack surface? Over the past several days, OpenClaw (formerly known as Clawdbot and and Moltbot ) has drawn intense attention across social media and headlines. Much of that attention has focused on speculation about artificial general intelligence (AGI) and the Singularity or autonomous AI agents operating without human control. Some posts focus on the OpenClaw agents interacting on Moltbook, a supposed social media network for agents, where they claim to have created their own religion and plans to revolt. That framing misses the real issue. The SecurityScorecard STRIKE Threat Intelligence Team is releasing research today that shows that the actual risk behind OpenClaw is access and exposed infrastructure. Our live reconnaissance data reveals tens of thousands of internet-facing OpenClaw deployments, many running vulnerable versions, many already correlated with prior breaches . Some users are configuring bots with personal names and company names, revealing who is using these tools. Our findings reveal a massive access and identity problem created by poorly secured automation at scale. The research underscores how convenience-driven deployment, default settings, and weak access controls have turned powerful AI agents into high-value targets for attackers. For a live view of OpenClaw exposures, updated every 15 minutes, visit the STRIKE team’s declawed dashboard . Executive Summary: STRIKE identified 42.9K unique IP addresses hosting exposed OpenClaw control panels with full system access across 82 countries, based on live internet-wide reconnaissance attributed to STRIKE , updated every 15 minutes. 15.2K exposed instances appear vulnerable to Remote Code Execution (RCE), meaning attackers can take over the host machine , with 35.4% of observed deployments flagged as vulnerable. 3 high-severity Common Vulnerabilities and Exposures (CVEs) (they rank 7.8-8.8 on the CVSS severity scale ) with public exploit code available. 53.3K exposed instances correlate with prior breach activity, compounding risk for users. Exposed deployments are heavily concentrated in major cloud and hosting providers, indicating repeatable and easily replicated insecure deployment patterns. Public ecosystem signals (including thousands of open GitHub security issues and repositories containing leaked credentials ) show that insecure OpenClaw usage is systemic, leaving users vulnerable to potential attack. Because the information is refreshed every 15 minutes, please refer to the STRIKE dashboard for the most up-to-date data. How widespread is OpenClaw exposure globally? Agentic AI assistants are rapidly moving from experimentation into everyday use, but new SecurityScorecard research shows that many of these systems are being deployed without even basic security controls. A new investigation from SecurityScorecard’s STRIKE Threat Intelligence team has uncovered tens of thousands of exposed OpenClaw (formerly Moltbot and Clawdbot) instances reachable directly from the internet. These deployments include publicly accessible control panels, vulnerable services, and configurations that grant agents broad authority to act on behalf of users and organizations. In many cases, the exposed systems are running known-vulnerable versions or have already been associated with prior breach activity. STRIKE has observed 40,214 (and climbing) internet-exposed OpenClaw instances, three published Common Vulnerabilities and Exposures (CVEs) with public exploit code, and active threat actor discussion about exploitation techniques. The math is simple: when you give an AI agent full access to your computer, you give that same access to anyone who can compromise it. STRIKE identified these exposures through internet-wide scanning using favicon hash fingerprinting, SecurityScorecard proprietary breach and threat actor correlation, the GitHub API, and direct enumeration, allowing researchers to observe OpenClaw adoption, misconfiguration, and risk at global scale. The findings show a growing attack surface tied to agentic AI automation. STRIKE is releasing a declawed version of its research that removes some sensitive details while preserving the scope, patterns, and security implications of the exposure. STRIKE’s mission is to make this data openly available for the betterment of the internet community. By providing transparent, factual data about AI agent exposure, STRIKE enables security teams, developers, and organizations to assess their own risk posture and take informed action. STRIKE also works directly with vendors and cloud providers on responsible disclosure to drive security improvements at the source. For a full breakdown of STRIKE’s findings, including exposure trends and vulnerability categories (updated every