What Are the Real Security Risks of Agentic AI and OpenClaw?

SecurityScorecard's STRIKE team reports that tens of thousands of OpenClaw instances are publicly exposed and many are vulnerable to Remote Code Execution; combined with agentic-AI behaviors and prompt-injection risks, these exposures could allow attackers to execute arbitrary actions (send email, access files, deploy services, call APIs). The report emphasizes that agent permissions expand the attack surface, outlines potential impacts (data disclosure, fraud, reputational damage), and recommends basic security guardrails—network segmentation, role-based access, treating agents as identities—and monitoring via their declawed dashboard.