OpenClaw

The past week delivered one of the more ironic chapters in OpenClaw’s rapid rise: on the same day AWS rolled out a shiny one-click managed deployment on Amazon Lightsail, security researchers were busy counting the 17,500+ exposed instances sitting vulnerable to remote code execution. Welcome to the double-edged reality of viral open-source software at scale. The Good News: OpenClaw Is Now One-Click on Lightsail AWS responded to sustained customer demand by bundling OpenClaw into its Lightsail blueprint catalog — the same service that makes spinning up a WordPress blog feel trivially easy. The new blueprint ships with Amazon Bedrock pre-configured (defaulting to Claude Sonnet 4.6), automated IAM role creation via CloudShell script, and support for connecting via WhatsApp, Telegram, Slack, Discord, or web chat. ...

Every time you type a response to an AI agent — whether to clarify, correct, praise, or redirect — you’re generating a signal that could improve that agent’s behavior. Until now, that signal was systematically discarded. Princeton’s Gen-Verse lab thinks that’s wasteful, and their new framework OpenClaw-RL (arXiv: 2603.10165) is built to fix it. The Core Insight: Interaction Signals Are Training Data OpenClaw-RL starts from a deceptively simple observation: when an AI agent takes an action and you respond to it, your response contains two types of information that existing systems ignore. ...

In China right now, people are “raising lobsters.” Not the crustaceans — the AI agents. OpenClaw’s logo features a claw (get it?), and Chinese developers have enthusiastically extended the metaphor: nurturing, training, and deploying AI agents is “raising your lobster.” It’s charming, slightly absurd, and tells you everything about how differently OpenClaw’s rise has played out in China versus anywhere else. Fortune published a deep-dive this week on what’s happening, and the numbers are staggering. Token consumption at Chinese AI providers has surged 6x as OpenClaw adoption explodes. Online courses teaching people how to “raise” AI agents are enrolling hundreds of thousands of students. And most remarkably: the Chinese government is subsidizing it. ...

CNCERT just flagged 135,000 publicly exposed OpenClaw instances. If yours is one of them, this guide is for you. The 2026 OpenClaw security advisory covers two CVEs and a systemic issue with weak default configurations. This guide walks you through the practical steps to harden your deployment — from critical patches to defense-in-depth practices that protect against prompt injection attacks. Time to complete: 30–60 minutes Applies to: All self-hosted OpenClaw deployments Urgency: High — patch the CVEs first ...

If you’ve built anything serious with OpenClaw agents, you’ve hit the memory wall: agents that forget everything between sessions, multi-agent pipelines that can’t share context, and the perpetual workaround of dumping state into handoff files or external databases. Memori Labs has just shipped a direct answer to that problem. The Memori Labs OpenClaw Plugin adds automatic, persistent memory recall and capture to agents running through OpenClaw gateways. Agents can now access shared context across sessions and across multiple agents in the same deployment — without custom database integrations or session-state hacks. ...

If you’re running a self-hosted OpenClaw instance — and odds are you are, given the platform’s explosive growth — today’s news from China’s National Computer Network Emergency Response Technical Team (CNCERT) is a wake-up call you shouldn’t scroll past. CNCERT has officially warned that OpenClaw’s default security configurations are dangerously weak, and the numbers behind that warning are staggering: over 135,000 public instances running with zero authentication. Two active CVEs. And a Chinese government ban on OpenClaw deployments in government systems. ...

OpenClaw shipped v2026.3.13 early this morning, and it’s a meaningful release for anyone running browser automation, using OpenClaw on mobile, or hitting dashboard performance walls on heavy agentic runs. The headline feature is the Chrome DevTools Protocol (CDP) attach mode — a native integration that lets OpenClaw connect directly to a signed-in live Chrome session for real-time debugging and automation. That’s a significant capability addition: instead of spinning up an isolated browser profile, you can now attach to the Chrome instance you’re already using, complete with your active sessions, cookies, and extensions. ...

Alibaba just made agentic AI accessible to anyone with a smartphone. And in doing so, it’s turned what was already a heated competition among China’s tech giants into a full sprint. JVS Claw, Alibaba’s new iOS and Android application, allows users to install and deploy OpenClaw AI agents in minutes — no coding required, no command line, no developer setup. The app is free for the first 14 days. It’s a direct play for the hundreds of millions of Chinese mobile users who are curious about AI agents but have no technical background, and it lands at exactly the moment that agentic AI has become a household conversation in China. ...

China has quietly become the world’s largest OpenClaw market — surpassing US usage figures — and the economic ripple effects are transforming the country’s AI industry into something resembling a gold rush. A new WIRED investigation documents what’s happening on the ground: ordinary people renting cloud servers to run OpenClaw agents, buying AI subscriptions in bulk, and driving demand for the lower-cost Chinese AI models that make the economics of running agents feasible at scale. The primary beneficiaries aren’t the users themselves — it’s the cloud providers, AI subscription platforms, and model vendors cashing in on the frenzy. ...

One of the biggest friction points for new OpenClaw users has just been solved. FlashLabs, an applied AI research lab focused on autonomous agent infrastructure, today announced the launch of FlashClaw — a fully managed cloud platform that lets anyone deploy their own OpenClaw instance with a single click, no local setup required. This is the kind of infrastructure maturation that signals an ecosystem is moving from early adopter to mainstream. ...