OpenAI Acquires the Developer Behind 200,000+ Exposed AI Agents
Peter Steinberger, creator of the massively insecure OpenClaw framework, joins OpenAI to “drive the next generation of personal agents.” OpenClaw stays open source.
Sam Altman announced Sunday that Peter Steinberger, the Austrian developer behind OpenClaw, is joining OpenAI. Steinberger will “drive the next generation of personal agents,” while OpenClaw becomes a foundation-backed open-source project that OpenAI will sponsor.
This is the same OpenClaw that security researchers called an “unacceptable cybersecurity risk” two weeks ago after finding 200,000+ exposed instances with default credentials, no authentication, and access to users’ files, passwords, and API keys.
Steinberger’s journey:
Built Clawdbot in November → Anthropic threatened legal action over the name (too close to “Claude”) → Renamed to Moltbot → Renamed again to OpenClaw → Went viral with 100,000+ GitHub stars and 2 million visitors in one week → Got offers from Meta and OpenAI → Chose OpenAI.
In his blog post, Steinberger said: “I could totally see how OpenClaw could become a huge company, but it’s not really exciting for me. What I want is to change the world, not build a large company, and teaming up with OpenAI is the fastest way to bring this to everyone.”
Altman called Steinberger “a genius with a lot of amazing ideas about the future of very smart agents interacting with each other.” He added: “The future is going to be extremely multi-agent and it’s important to us to support open source as part of that.”
Meanwhile, China’s Ministry of Industry warned OpenClaw poses “significant security risks when improperly configured” and can expose users to cyberattacks. Baidu announced they’re integrating OpenClaw into their main smartphone app anyway.
OpenAI just hired the guy whose “playground project” shipped with 0.0.0.0:18789 as the default binding, no authentication required, and exposed 200,000+ instances to the internet within weeks of launch.
This is like hiring the Titanic’s captain to design your next cruise ship because “he really understands large-scale passenger transport.”
Threat Road is an independent Cyber Security Newsletter founded by technology journalist Alex Levberg.
If you’re running OpenClaw:
The security issues don’t magically disappear because it’s now OpenAI-backed
Patch to the latest version immediately (still binding to all interfaces by default!)
Use localhost-only (127.0.0.1) binding and Tailscale/VPN for remote access
Rotate all API keys and credentials stored in OpenClaw
Monitor SecurityScorecard’s declawed.io dashboard to see if your instance is exposed
For OpenAI watchers:
This signals OpenAI is going all-in on agentic AI (agents that take actions, not just chat)
“Personal agents” will likely become core to ChatGPT’s product offering
The open-source commitment is interesting: OpenAI is backing a foundation while also commercializing the tech
Steinberger’s goal: “an agent so simple my mother could use it”
For security professionals:
Agentic AI is the new attack surface everyone’s rushing to deploy
“Move fast and break things” is back, but now the agents have filesystem access and API credentials
The fact that OpenAI hired Steinberger after the security disaster suggests they value speed over security posture
Viral adoption + insecure defaults = mass compromise. This pattern keeps repeating because “time to market” beats “secure by design” every single time.
This hire perfectly captures Silicon Valley’s priorities in 2026.
OpenClaw went from obscure hobby project to 200,000+ exposed instances to OpenAI acquisition in less than 4 months. Security researchers called it an “unacceptable cybersecurity risk.” Gartner told enterprises to ban it immediately.
And OpenAI’s response? “Great work, you’re hired. Let’s scale this to everyone.”
To be fair to Steinberger: he built something people wanted so badly they’d run it despite the security risks. That’s product-market fit. And his commitment to keeping OpenClaw open-source while joining OpenAI is admirable.
But let’s be real about what just happened: the fastest path from “insecure vibe-coded side project” to “backed by an $80B company” is apparently to ship something viral and let security be someone else’s problem.
Congratulations on the exit, Peter. Now please fix the default binding.
- Alex
P.S. — Steinberger’s stated goal is building an agent “so simple my mother could use it.” Given OpenClaw’s current security posture, let’s hope his mom also knows how to configure firewalls.


