Monday 30 March 2026, Afternoon Edition

ZOTPAPER

News without the noise


Cybersecurity

AI Assistants Are Rapidly Shifting the Security Landscape as Autonomous Agents Go Mainstream

OpenClaw's rapid adoption highlights growing tension between AI autonomy and security as 42,000 instances found exposed online

Zotpaper, 3 min read, 2 sources
AI-based assistants and autonomous agents that can access users' computers, files, and online services are growing rapidly in popularity — but security researchers warn they are fundamentally reshaping organizational threat models. Brian Krebs reports that the open-source platform OpenClaw alone has over 42,000 exposed instances, with 1.5 million leaked API tokens and a critical RCE vulnerability rated CVSS 8.8.

The new generation of AI assistants differs from traditional chatbots in a crucial way: they are designed to take initiative. OpenClaw, which has seen rapid adoption since its November 2025 release, can manage inboxes, execute programs, browse the internet, and integrate with messaging platforms — all without being explicitly prompted.

A Snyk security audit found that 36.82% of community-contributed skills have at least one security flaw, with 341 outright malicious skills discovered in the community repository. These range from credential theft to malware delivery.

The fundamental issue, according to Krebs, is that these platforms store API keys, OAuth tokens, and user conversations in plaintext with no encryption or access controls. A single misconfigured cloud provider exposed 1.5 million API tokens and 35,000 user email addresses in February 2026.
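The practical defensive question raised by plaintext token storage is simply whether other local users or processes can read the files. The following audit script is an added example, not code from OpenClaw or from Krebs's reporting: it walks a directory, looks for common token shapes, and flags any match stored in a file whose POSIX mode grants group or world read access. The key names, token prefixes and sample files are constructed for illustration; point `audit_dir()` at a real agent config directory to use it on live data.

```python
"""Audit a config directory for plaintext credentials readable by other users.

Added example, not OpenClaw's or any project's code. It creates a constructed
sample tree under a temporary directory so it runs offline; point audit_dir()
at a real agent config directory to use it for anything else. File-mode checks
assume a POSIX filesystem.
"""
import os
import re
import stat
import tempfile
from dataclasses import dataclass

# Token shapes to look for. The key names and prefixes are illustrative;
# extend them for the services a given agent actually talks to.
TOKEN_PATTERNS = {
    "api_key_assignment": re.compile(
        r"(?:api[_-]?key|token|secret)[\"']?\s*[:=]\s*[\"']?([A-Za-z0-9_\-]{20,})", re.I),
    "oauth_access_token": re.compile(r"ya29\.[A-Za-z0-9._\-]{20,}"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}
MAX_BYTES = 1_000_000  # skip large binaries


@dataclass(frozen=True)
class Finding:
    path: str
    pattern: str
    group_readable: bool
    world_readable: bool

    @property
    def high_risk(self) -> bool:
        # A plaintext secret that other local users (or processes running
        # as another user) can read is the case worth acting on first.
        return self.group_readable or self.world_readable


def file_exposure(path: str):
    """Return (group_readable, world_readable) from the file's mode bits."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    return bool(mode & stat.S_IRGRP), bool(mode & stat.S_IROTH)


def scan_file(path: str):
    if os.path.getsize(path) > MAX_BYTES:
        return []
    with open(path, "r", encoding="utf-8", errors="ignore") as fh:
        text = fh.read()
    grp, oth = file_exposure(path)
    return [Finding(path, name, grp, oth)
            for name, rx in TOKEN_PATTERNS.items() if rx.search(text)]


def audit_dir(root: str):
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            findings.extend(scan_file(path))
    return sorted(findings, key=lambda f: (f.path, f.pattern))


def make_sample_tree() -> str:
    """Constructed sample: one exposed config, one restricted one, one benign file."""
    root = tempfile.mkdtemp(prefix="agent-audit-")
    samples = {
        "agent.json": ('{"api_key": "sk-CONSTRUCTED-0123456789abcdefghij"}\n', 0o644),
        "oauth.env": ("OAUTH_TOKEN=ya29.CONSTRUCTED_abcdefghijklmnopqrstuvwxyz\n", 0o600),
        "notes.txt": ("nothing sensitive here\n", 0o644),
    }
    for name, (content, mode) in samples.items():
        path = os.path.join(root, name)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    for f in audit_dir(make_sample_tree()):
        flag = "HIGH" if f.high_risk else "ok  "
        print(f"{flag} {f.pattern:<22} {f.path}")
```

On the constructed tree the script reports two files holding secrets but only one as high risk: the 0644 JSON config is readable by every local account, while the 0600 env file is confined to its owner. Tightening modes is the cheapest fix; it does not replace moving the secrets into an OS keychain or an encrypted store.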

CVE-2026-25253 allows one-click remote code execution via token theft, where malicious websites can hijack active bots through WebSocket connections, giving attackers shell access to the user's system.
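The hijack-through-WebSocket pattern described above works because a locally listening service accepts a socket from whatever page the user's browser happens to have open. Browsers always send an `Origin` header on the WebSocket handshake and page scripts cannot forge it, so the standard mitigation is an exact-match origin allowlist plus a per-install secret that a foreign page does not hold. The code below is an added example of that check, not OpenClaw's code and not a reproduction of the CVE: the allowed origins, the secret value and the sample handshakes are constructed assumptions.

```python
"""Validate a WebSocket handshake the way a locally listening agent gateway should.

Added example, not OpenClaw's code. ALLOWED_ORIGINS and GATEWAY_TOKEN are
assumed values standing in for the agent's own UI origin and a per-install
secret; sample_handshake() builds constructed handshake requests so the
check can run offline.
"""
import hmac
from urllib.parse import urlsplit

ALLOWED_ORIGINS = {"http://127.0.0.1:3000", "http://localhost:3000"}  # assumed UI origin
GATEWAY_TOKEN = "constructed-install-secret-do-not-reuse"            # assumed secret


def parse_handshake(raw: bytes):
    """Split a raw HTTP/1.1 upgrade request into (request_line, headers)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def normalize_origin(origin: str):
    """Reduce an Origin value to scheme://host[:port]; None if it is not a web origin.
    A literal 'null' origin (sandboxed frames, file: pages) also returns None."""
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc.lower()}"


def authorize_upgrade(raw: bytes, allowed_origins=ALLOWED_ORIGINS, token=GATEWAY_TOKEN):
    """Return (allowed, reason) for a handshake request."""
    _request_line, h = parse_handshake(raw)
    if h.get("upgrade", "").lower() != "websocket":
        return False, "not a websocket upgrade"

    # Browser-originated requests carry Origin; it must match the agent's own UI
    # exactly (scheme, host and port), so a cross-site page is refused here.
    origin = h.get("origin")
    if origin is not None:
        norm = normalize_origin(origin)
        if norm is None or norm not in allowed_origins:
            return False, "origin not allowed"

    # Non-browser clients send no Origin, so they must prove possession of the
    # per-install secret instead. Browsers cannot set Authorization on a
    # WebSocket, so the UI is assumed to pass the secret as a subprotocol value.
    presented = h.get("authorization", "")
    if presented.startswith("Bearer "):
        presented = presented[len("Bearer "):]
    else:
        presented = h.get("sec-websocket-protocol", "")
    if not presented or not hmac.compare_digest(presented.encode(), token.encode()):
        return False, "missing or wrong gateway token"
    return True, "ok"


def sample_handshake(origin, token, path="/ws") -> bytes:
    """Constructed handshake request for testing the policy."""
    lines = [
        f"GET {path} HTTP/1.1",
        "Host: 127.0.0.1:3000",
        "Upgrade: websocket",
        "Connection: Upgrade",
        "Sec-WebSocket-Version: 13",
        "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==",
    ]
    if origin is not None:
        lines.append(f"Origin: {origin}")
    if token is not None:
        lines.append(f"Sec-WebSocket-Protocol: {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


if __name__ == "__main__":
    cases = {
        "own UI":         sample_handshake("http://127.0.0.1:3000", GATEWAY_TOKEN),
        "foreign site":   sample_handshake("https://attacker.example", GATEWAY_TOKEN),
        "no token":       sample_handshake("http://127.0.0.1:3000", None),
        "cli wrong token": sample_handshake(None, "guess"),
    }
    for label, req in cases.items():
        print(f"{label:<16} -> {authorize_upgrade(req)}")
```

The two checks are independent on purpose: the origin test stops a page the user merely visits from talking to the agent at all, and the secret test stops anything that bypasses a browser. Checking only the token would leave the "one-click" path open whenever the token is stored somewhere a page can read it, which is exactly the token-theft chain the article describes.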

Analysis

Why This Matters

Autonomous AI agents represent a new category of insider threat. They have the access of a trusted employee but the attack surface of an internet-facing service. Organizations adopting these tools are essentially granting an AI program the same access they would give a senior IT administrator.

Background

The rush to adopt AI agents has outpaced security tooling. While companies like Anthropic and Microsoft have invested heavily in sandboxing their commercial offerings, open-source alternatives like OpenClaw prioritise functionality and extensibility over security hardening.

Key Perspectives

Security researchers argue that the community skill model — where anyone can contribute capabilities — mirrors the early days of mobile app stores before rigorous review processes were established. The 341 malicious skills found suggest the problem is already significant.

What to Watch

Whether enterprise adoption slows in response to these findings, and whether the OpenClaw project implements mandatory security reviews for community skills. The CVE disclosure may also prompt regulatory attention.
