
Anatomy of an Autonomous AI Agent Risk: How Qualys ETM Connects the Dots on OpenClaw

ID: 503db1b1-009d-506c-93d3-e35af0bd7f99

STIX ID: report--503db1b1-009d-506c-93d3-e35af0bd7f99

Feed Name: Qualys Blog

Threat Score: 78/100

Date Published: 2026-04-13

Date Updated: 2026-04-28

Author: Viren Chaudhari


Qualys ETM detected an unauthorized OpenClaw (clawdbot) autonomous agent on a Windows Server. VMDR and Microsoft Defender confirmed vulnerable versions (including CVE-2026-25253 and CVE-2025-55130) with public exploit intelligence. EASM observed a live Node.js service listening on TCP/18792. ETM Identity identified stale SID history and disabled Kerberos pre-authentication, which together create an attack path enabling potential domain compromise. The report demonstrates how correlating endpoint, exposure, and identity telemetry prioritizes remediation and response.
