Original Reddit post

someone made a watchboard tracking openclaw deployments. 220k+ instances running on public ips with zero authentication.

most are on port 18789. you can literally just hit the ip and access the agent. no login, no api key, nothing.

checked a few randomly. some have “Has Leaked Creds” marked red. api keys and passwords visible in the interface.

asn data shows tencent, oracle, baidu, alibaba, huawei, aws. not random home servers. actual cloud infrastructure.

this is way worse than leaving a database open. these agents execute code, call apis, access filesystems. if someone's running this in prod with internal access that's a massive hole.

saw this with jupyter notebooks years ago. thousands exposed, people lost data, got crypto miners installed.

difference is agents are autonomous. they make decisions and take actions. an exposed jupyter is passive. an exposed agent could actively cause damage.

220k instances means this is happening in production. not just demos.

the pattern: people test locally, deploy to cloud, open the port for remote access, forget to add auth.

some tools enforce auth by default now. cursor, verdent, windsurf all require login even locally which seemed annoying but makes sense. most open source frameworks don't.

we need better defaults. auth required not optional. warnings for public exposure. api keys never visible in ui.

otherwise we're gonna see bad incidents. agent with aws creds exposed. or connected to prod database. or can send emails.

ai safety people worry about agi. meanwhile 220k unsecured agents running right now.

what security measures are people actually using? clearly a lot getting this wrong.

Originally posted by u/BookwormSarah1 on r/ArtificialInteligence
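
The "open the port for remote access, forget to add auth" pattern in the post can be caught on your own hosts by auditing what the agent port is bound to. The following is an added example, not part of the original post and not OpenClaw code: it parses `ss -H -tln` output and reports listeners on port 18789 that are reachable beyond loopback. The sample `ss` lines are constructed, and the function names are hypothetical.

```python
import ipaddress

AGENT_PORT = 18789  # port named in the post

# Constructed sample of `ss -H -tln` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 511 0.0.0.0:18789 0.0.0.0:*
LISTEN 0 511 127.0.0.1:18789 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 511 [::1]:18789 [::]:*
LISTEN 0 511 10.0.4.17:18789 0.0.0.0:*
LISTEN 0 511 *:18789 *:*
"""

def classify_bind(addr):
    """Return 'loopback', 'all-interfaces', 'private' or 'public' for a bind address."""
    addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    if addr == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:          # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"

def exposed_listeners(ss_output, port=AGENT_PORT):
    """Return [(local_address, exposure)] for listeners on `port` not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, local_port = fields[3].rpartition(":")
        if not local_port.isdigit() or int(local_port) != port:
            continue
        try:
            exposure = classify_bind(addr)
        except ValueError:
            exposure = "unparsed"  # report rather than silently skip
        if exposure != "loopback":
            findings.append((fields[3], exposure))
    return findings

if __name__ == "__main__":
    # On a real host: subprocess.run(["ss", "-H", "-tln"], capture_output=True, text=True).stdout
    for local, exposure in exposed_listeners(SAMPLE_SS):
        print(f"{local}: bound to {exposure}; require auth or rebind to 127.0.0.1")
```

A wildcard bind is only part of the picture: whether the port is reachable from the internet also depends on the cloud security group or host firewall in front of it.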