OpenClaw's 2,200 Malicious Add-Ons Expose the Dark Side of the Rush to Agentic AI

The popular open-source agent framework has disclosed nine vulnerabilities and a marketplace crawling with malicious extensions — a case study in what happens when the ecosystem ships agents faster than it can secure them.

The AI agent gold rush has its first major security scandal. OpenClaw, one of the most widely adopted open-source agent frameworks, has been revealed to harbor nine disclosed vulnerabilities, over 2,200 malicious add-ons in its marketplace, and an unknown number of exposed instances running in production. The details were compiled by @HedgieMarkets, who called it a "security nightmare."

Unlock the full briefing

Get every story in today's briefing, the full archive, and the daily AI intelligence brief.

All stories today

Full archive

Daily brief

Cancel anytime. Payments powered by Stripe.