OpenClaw

If you’re running OpenClaw on any version before 2026.3.28, stop reading and go update. Right now. We’ll be here when you get back. For everyone else: here’s what happened, why it’s serious, and exactly how to verify you’re protected against two freshly disclosed critical vulnerabilities: CVE-2026-33579 and CVE-2026-34426. What Are These Vulnerabilities? CVE-2026-33579 — Privilege Escalation via /pair approve (CVSS 8.1–9.8) This is the big one. Rated between 8.1 and 9.8 out of 10 on the CVSS scale, CVE-2026-33579 allows an attacker who holds operator.pairing scope — the lowest meaningful permission in an OpenClaw deployment — to silently approve device pairing requests that ask for operator.admin scope. ...

OpenClaw 2026.4.2 landed yesterday with what might be its most consequential architectural change in months: a fully restored Task Flow substrate with durable state tracking, managed sync modes, and native inspection primitives. This isn’t just a patch — it’s the foundation that autonomous agent workflows have been waiting for. What’s New in Task Flow The centerpiece of 2026.4.2 is PR #58930, which restores the core Task Flow engine with two distinct sync modes: ...

Tencent isn’t slowing down. Just weeks after launching QClaw (WeChat integration) and WorkBuddy (desktop AI agent), China’s internet giant has added a third product to its OpenClaw portfolio: ClawPro, an enterprise-facing AI agent management platform that entered public beta today. What ClawPro Actually Does ClawPro is Tencent Cloud’s answer to a real enterprise problem: deploying and managing OpenClaw at scale without specialized technical staff. The platform lets organizations: Deploy OpenClaw templates without needing to configure the underlying infrastructure from scratch Select models and agents from a centralized interface — mix and match based on task requirements and cost tolerance Track token consumption in real time, with visibility into per-department or per-project usage Manage security policies centrally, addressing one of the most frequently cited concerns around enterprise AI adoption Tencent claims firms can be operational with ClawPro in 10 minutes, without specialized technical support. That’s a bold claim, but it tracks with the “democratize enterprise AI” positioning that’s dominating the Chinese tech landscape right now. ...

The global AI race has a new protagonist, and it’s not a lab, a country, or a foundation model. It’s a retired teacher in Chengdu who asked a neighbor’s kid to install OpenClaw on her laptop — and then told all her friends about it. Forbes published a major feature today on what it’s calling China’s “OpenClaw phenomenon” — a grassroots adoption movement so organic and widespread that it’s being studied as a social and geopolitical inflection point in the global agentic AI race. ...

The open-source AI agent framework that conquered the internet in four months is now facing its most serious security reckoning yet. A comprehensive study published March 31 by Web3 security firm CertiK paints a stark picture: OpenClaw has accumulated over 100 CVEs and 280 security advisories since its release, with more than 135,000 internet-exposed instances actively leaking credentials — and a malware-infested skills marketplace that’s quietly targeting user wallets. The Architectural Problem Nobody Wanted to Talk About OpenClaw was originally designed for trusted local environments. You ran it on your laptop, it had access to your files and accounts, and that was fine because it was your machine. ...

When hardware companies start building companion products for an open-source software framework, you know the ecosystem has crossed a threshold. ClawGo, announced April 1, is a portable hardware/software package purpose-built for OpenClaw field deployments — targeting teams who need self-contained, offline-capable agent infrastructure in environments where cloud connectivity isn’t guaranteed. The product bets explicitly on what ClawGo calls “the harness model”: the insight that the most durable value in the AI agent ecosystem isn’t the underlying LLM (which changes constantly) or the specific skills (which get updated or deprecated), but the coordination and execution layer — the harness that manages agents, handles tool calls, and maintains state. OpenClaw is that harness for a growing number of enterprise teams. ...

The CertiK study published today identified 135,000 internet-exposed OpenClaw instances with systemic security failures: authentication disabled, API keys in plaintext, malware in the skills store. Most of those deployments weren’t the result of malicious intent — they were the result of setting up OpenClaw following the default quick-start guide and then opening it to the internet. This guide is the one you should follow instead. It covers a complete, production-grade VPS deployment of OpenClaw v2026.4.1 with the security hardening necessary to run it safely on a public-facing server. ...

OpenClaw’s expansion into China just shifted from grassroots viral phenomenon to official infrastructure play. On April 2, a version update bundled Tencent’s QQ messaging app as OpenClaw’s first natively integrated Chinese social channel — and simultaneously, ByteDance’s Volcengine division confirmed it is sponsoring a dedicated ClawHub mirror for the Chinese market. This is no longer “Chinese users love OpenClaw.” This is Chinese Big Tech formally committing infrastructure and engineering resources to the platform. ...

OpenClaw shipped version 2026.4.1 today, and it’s a substantial release — over 40 pull requests merged, a handful of significant feature additions, and a simultaneous ClawHub China mirror announcement that signals continued international expansion. Here’s what’s actually in the release, drawn directly from the changelog. AWS Bedrock Guardrails Support The biggest enterprise story in this release is native AWS Bedrock Guardrails integration in the bundled provider. This lets teams using OpenClaw on AWS infrastructure apply Bedrock’s policy enforcement layer — content filters, topic deny lists, PII redaction, and grounding checks — directly to model calls routed through the Bedrock provider. ...

A quick note before we start: yes, this was published on April 1st. No, it’s not an April Fools’ joke. Multiple trade press outlets — Business Insider, AOL, letsdatascience.com — covered this as straight news, and Karpathy has since confirmed the demo is real. With that cleared up: what Andrej Karpathy demonstrated this week is one of the clearest visions of where personal AI agents are actually going. The Demo Karpathy built an OpenClaw agent he named Dobby. The task he gave it: scan the local network, discover connected devices, and figure out how to control them. ...