If you haven't heard of OpenClaw yet, you will.
In March 2026, this AI assistant became the fastest-growing open-source project in history, surpassing 250,000 GitHub stars – a milestone that took the Linux operating system years to reach.
But within weeks of its explosive rise, government agencies were issuing security alerts. Researchers found over 40,000 vulnerable instances exposed on the internet. One critical flaw, dubbed "ClawJacked," let hackers hijack your AI assistant simply by getting you to visit a malicious website.
What happened? And what does it tell us about the future of AI?
What is OpenClaw?
Imagine an AI assistant that doesn't live in the cloud. Instead, it runs on your computer, with full access to your files, email and apps. You can message it through WhatsApp, Telegram or Discord, and it works 24/7 – even while you sleep.
That's OpenClaw.
Unlike ChatGPT or Claude, which operate in corporate-controlled environments, OpenClaw is entirely yours. It's open-source, meaning anyone can inspect the code. It's customizable. And for privacy-conscious users, that's exactly the point.
"The goal was to have fun and inspire people," creator Peter Steinberger wrote in February. "And here we are, the lobster is taking over the world."
The "lobster" nickname comes from OpenClaw's red crustacean logo.
Why it went viral
OpenClaw's appeal is simple: It's an AI that actually does things.
Most AI assistants are conversational – you ask, they answer. OpenClaw can interact with other software. It's less like a chatbot and more like a digital employee.
For developers and power users, this was revolutionary. But nowhere was the adoption more intense than in China.
Major cloud providers, including Tencent, Alibaba and Baidu, rushed to offer one-click deployment options. On March 6, nearly 1,000 people lined up outside Tencent's Shenzhen headquarters, carrying laptops and hard drives, waiting for engineers to install OpenClaw for free. Xiaomi announced "miclaw" for smartphones and home appliances. The government of Shenzhen's Longgang district announced subsidies of up to 2 million yuan (approximately $290,000) for OpenClaw-based projects. Online courses sprang up, teaching users how to "raise a lobster."
It wasn't just hype. One Chinese AI company reported token consumption surging six-fold as users put their OpenClaw agents to work around the clock.
But the same capabilities that made OpenClaw powerful also made it "dangerous."
The security crisis
The problem isn't that OpenClaw is malicious. It's that it's capable.
In February 2026, security researchers discovered that more than 40,000 OpenClaw instances were exposed on the public internet. Over 60% of them had vulnerabilities that could allow hackers to take control.
One flaw, called "ClawJacked," was particularly alarming. It allowed any website to silently hijack an OpenClaw instance running on your computer – no clicks required. Once compromised, attackers could steal API keys, read files and execute commands.
The warnings weren't just from researchers. On March 8 and 10, Chinese government agencies issued two official alerts – the first major formal government warnings about an AI agent platform specifically. They detailed risks including prompt injection attacks, data theft and the dangers of running exposed instances.
The response
The OpenClaw team moved quickly. In February alone, they patched over 40 vulnerabilities and released security-hardened updates.
Steinberger, meanwhile, announced he was joining OpenAI – the company behind ChatGPT – to help build the next generation of AI agents. OpenClaw would remain independent under a foundation structure.
"The community around OpenClaw is something magical," he wrote. "It will stay a place for thinkers, hackers and people that want a way to own their data."
What this means for you
OpenClaw's rise signals a fundamental shift in AI development. The future isn't just about smarter chatbots – it's about autonomous agents that can act on your behalf.
But autonomy comes with risk. Every AI assistant with access to your files, accounts and devices is a potential attack surface. The more capable the assistant, the greater the damage if something goes wrong.
For now, the lesson is straightforward. Update immediately if you're running OpenClaw. Never expose it to the public internet without authentication. And audit any third-party skills or plugins before installing.
OpenClaw isn't the villain of this story. It's a preview of where AI is heading – and a reminder that the tools we build to help us can also hurt us if we're not careful.
The lobster may be taking over the world. The question is whether we're ready.