Security researchers find 18,000+ exposed AI agents, 15% of skills are malicious
A massive security hole in viral AI agents puts your digital life at risk...
Security researchers discovered over 18,000 publicly exposed OpenClaw AI agent instances. More alarmingly, an audit of its 700+ community-built skills revealed roughly 15% contain malicious instructions designed to download malware, exfiltrate data, or steal credentials. These agents have broad delegated authority over files, browsers, and messaging platforms. The report warns the attack surface is fundamentally different, as compromising a single skill can compromise everything the agent can access, creating a severe supply chain risk.
Why It Matters
This exposes a critical, unaddressed vulnerability where attackers can hijack popular AI agents to inherit their permissions and access your sensitive data.