A rapidly growing number of internet-facing deployments of OpenClaw, the viral artificial intelligence agent software, are exposing organizations and individuals to major cybersecurity risks, according to a warning from the national network and information security information center under the Ministry of Public Security.

OpenClaw, an AI-driven automation platform known for its ability to process complex tasks and support a wide range of plugins, has sparked a global deployment boom since its release. However, many deployments are directly exposed to the public internet, making them attractive targets for cyberattacks, the center said in its official WeChat account on Friday.

According to the cybersecurity alert, OpenClaw faces security risks in its architecture design, default configuration, vulnerability management, plugin ecosystem, and behavioral control mechanisms.

The center warned that OpenClaw's default configuration leaves many systems exposed online, and the platform allows access from any external IP address. Remote access does not require user authentication, while sensitive data such as API keys and chat records may be stored in plaintext.

Moreover, OpenClaw agents may experience permission control failures during task execution. Agents could carry out unauthorized actions, ignore user instructions, or perform operations such as deleting user data, stealing information, or taking control of user devices, according to the alert.

To prevent cybersecurity risks, the center urged users to upgrade OpenClaw installations promptly and obtain installation packages only from trusted sources while closely monitoring official security advisories.

It also recommended running the system only on local networks or internal addresses instead of binding to public internet interfaces.

Users were also advised to install third-party plugins cautiously and only from official channels, review plugin functions carefully and remove suspicious extensions immediately.

Additional recommendations include enabling strong authentication with regularly updated passwords and limiting the operational permissions of AI agents, allowing them to execute only whitelisted system commands to prevent potential damage to user devices.

Monitoring data shows that more than 200,000 active OpenClaw internet assets are currently accessible worldwide. About 23,000 of them are located within China, with numbers surging in major technology hubs including Beijing, Shanghai, and the provinces of Guangdong, Zhejiang, Sichuan, and Jiangsu.