CrowdStrike Calls OpenClaw 'AI Super Agent', Publishes Enterprise Security Assessment With 156 Advisories

CrowdStrike's CTO Elia Zaitsev just published what might be the most thorough security breakdown of OpenClaw to date. The title alone says a lot: "What Security Teams Need to Know About OpenClaw, the AI Super Agent."

That framing matters. CrowdStrike isn't treating OpenClaw as a chatbot. They're treating it as an autonomous system with real access to real infrastructure.

What CrowdStrike Found

The assessment tracks 156 total security advisories. 28 of those already have CVE IDs assigned. The remaining 128 are still awaiting assignment, which probably means the backlog is real.

Severity breakdown: 4 Critical, 52 High, 88 Medium, 12 Low.

That's 56 advisories rated High or Critical. Not a small number.

CrowdStrike identified four primary attack vectors:

1. Direct prompt injection, where attackers feed malicious instructions straight to the agent
2. Indirect prompt injection through contaminated data sources the agent reads
3. Agentic tool chain attacks that exploit how OpenClaw connects to external systems
4. AI tool poisoning, targeting the tools and plugins OpenClaw relies on

As Zaitsev put it: "AI agents don't just generate answers, they can take action; operating with speed, autonomy, and privileged access to email, calendars, sensitive data, credentials, and third-party systems."

The Scale Problem

Censys found 21,639 publicly accessible OpenClaw instances. That's a lot of attack surface. And most of those instances are probably running without dedicated security monitoring or regular patching.

CrowdStrike also demonstrated their Falcon AIDR blocking a live Discord exfiltration attack targeting an OpenClaw instance. So these aren't theoretical risks. They're happening.

CrowdStrike and NVIDIA Team Up

On March 16, CrowdStrike and NVIDIA announced a "Secure-by-Design AI Blueprint" at GTC. The blueprint embeds Falcon security modules (AIDR, Endpoint Security, Cloud Security, Identity Security) directly into NVIDIA's OpenShell framework.

The partner list is telling: Adobe, Atlassian, Box, Cisco, Red Hat, Salesforce, SAP, ServiceNow, Siemens, Google, Microsoft Security. When companies of that size start building security frameworks specifically for AI agents, the message is clear. Self-hosted AI without professional security management is becoming a liability.

What This Means for OpenClaw Users

If you're running OpenClaw on a VPS you set up six months ago, this report should make you uncomfortable. 56 High/Critical advisories. Four distinct attack vectors. Thousands of exposed instances.

Managed hosting exists for exactly this reason. At ClawHosters, every instance gets auto-patching, credential isolation, and continuous monitoring as part of the standard deployment. The kinds of protections CrowdStrike recommends, applied automatically, without you thinking about it.

You can also check our OpenClaw Safety Scanner to audit your current setup if you're self-hosting.

The CrowdStrike report validates what we've been saying: OpenClaw is powerful, but running it securely takes more than docker-compose up.