Krux

One-Click Bug Exposed AI Agent Credentials Across 52 Countries
Published: March 17, 2026 at 12:34 AM
Updated: March 17, 2026 at 12:34 AM
What happened
A critical flaw in OpenClaw (CVE-2026-25253) let anyone grab stored API tokens for Claude, OpenAI, and Google AI from an unprotected endpoint, with no authentication required. Researchers found hundreds of exposed control interfaces spanning 52 countries, with 891 instances in the US alone. Most ran on DigitalOcean and Alibaba Cloud, meaning the agents that teams thought were internal were actually broadcasting credentials to the internet. The fix is straightforward: update to version 2026.1.29 or later, rotate every token on exposed instances, and move management consoles behind a VPN.
Why it matters
Turns out giving AI agents autonomy and internet access creates attack surfaces that firewalls weren't built for.