Multiple hacking groups exploit OpenClaw instances to steal API key and deploy malware

Multiple hacking groups have recently targeted OpenClaw, an open-source AI framework developed by Peter Steinberger, to exploit its vulnerabilities for malicious purposes. Following its rapid adoption in January 2026, OpenClaw has become a significant threat vector due to its architecture, which allows for extensive system privileges and integration with sensitive services. Analysts have reported over 30,000 compromised instances, with attackers leveraging flaws such as Remote Code Execution (CVE-2026-25253) to steal API keys and deploy info-stealing malware through various channels, including Telegram.

The exploitation of OpenClaw highlights the urgent need for robust security measures in AI automation and agent workflows. As developers continue to integrate OpenClaw into their projects, they must remain vigilant about potential vulnerabilities and ensure that they are implementing the latest model updates and security patches. With the rise of such cyber threats, comprehensive release notes and developer tooling will be essential for maintaining the integrity of applications built on OpenClaw and preventing further incidents of credential theft and data exfiltration.