
The OpenClaw Security Crisis: 42,000 Exposed Deployments at Risk

Security researchers have identified over 800 malicious plugins in the OpenClaw ecosystem and more than 42,000 internet-exposed instances. BulwarkAI, founded by a 20-year security architecture veteran, offers specialized hardening services to close the 40% gap left by built-in security tools.

OpenClaw has become the fastest-growing AI agent platform in history, amassing over 221,000 GitHub stars and 109,000 Discord members in just four weeks since launch. Businesses are rushing to deploy it for automating tasks from email management to code generation. But that explosive growth has dramatically outpaced security.

The numbers paint a concerning picture. Security researchers have identified over 800 malicious plugins in the ClawHub marketplace, representing roughly 20 percent of all available plugins. More than 42,000 OpenClaw instances are currently exposed to the internet without proper security hardening. Multiple critical vulnerabilities have been publicly disclosed, including CVE-2026-25253 and CVE-2026-25157. The ClawHavoc malware campaign has already compromised thousands of deployments worldwide, stealing credentials and sensitive business data.

Major organizations have taken notice. Meta has banned OpenClaw from corporate devices. The Dutch Data Protection Authority issued a formal warning. Microsoft, CrowdStrike, Cisco, and Palo Alto Networks have all published security advisories about the platform.

Despite this, most OpenClaw users rely solely on the platform's built-in security audit, which independent analysis shows only catches approximately 60 percent of known threats. The remaining 40 percent includes malicious MCP server configurations, sophisticated plugin attacks that evade automated scanning, and credential exposure patterns that require manual review to detect.

BulwarkAI was founded by Peter Kwidzinski to address this gap. With over 20 years of platform security architecture experience, he has cataloged over 800 malicious ClawHub packages and mapped attack patterns not covered by existing automated tools. BulwarkAI offers a free security scanner, a comprehensive Security Blueprint with hardening guides and detection scripts, personalized Security Audits, and hands-on DFY Hardening services.

Business owners deploying OpenClaw for client work, internal operations, or automation workflows can start with a free scan at https://www.bulwarkai.io or explore the full range of security services at the same site. With the threat landscape evolving rapidly, proactive security hardening has become essential for any organization relying on OpenClaw agents.

Contact Info:
Name: Peter Kwidzinski
Organization: BulwarkAI
Address: Folsom, California 95630, United States
Website: https://www.bulwarkai.io

Source: PressCable

Release ID: 89184709

