1 March
February 2026 was a month in which OpenClaw — the open-source AI Agent Framework with over 145,000 GitHub Stars — faced three major events: its creator joined OpenAI, a critical security vulnerability was disclosed, and a new SaaS offering was launched. This article covers all three stories and analyzes their impact on organizations currently using or considering AI Agents.
1. Peter Steinberger, OpenClaw Creator, Joins OpenAI
On February 14, 2026, Peter Steinberger, creator of OpenClaw (formerly Clawdbot → Moltbot → OpenClaw), announced he would be joining OpenAI. Sam Altman, CEO of OpenAI, tweeted about this:
"Peter Steinberger is joining OpenAI to drive the next generation of personal agents. He is a genius with a lot of amazing ideas about the future of very smart agents interacting with each other to do very useful things for people."
— Sam Altman, CEO of OpenAI
Steinberger himself explained his reasoning on his personal blog:
- "I want to change the world, not build a big company" — although he could have turned OpenClaw into a high-value company, he chose not to.
- "Partnering with OpenAI is the fastest path to getting this into everyone's hands"
- His new goal is to "build an Agent that even my mother can use"
What Will Happen to OpenClaw?
OpenClaw will move under an independent Foundation, with OpenAI supporting the transition. Steinberger confirmed that:
- The project will remain Open-Source forever
- It will support AI Models from multiple providers, not locked to OpenAI alone
- The developer community will play a greater role in setting the direction
What organizations should watch:
When the primary creator is no longer directly maintaining the project, the pace of development and direction of OpenClaw may change. Organizations using OpenClaw should monitor how the new Foundation is governed and whether it has a clear Roadmap.
2. Critical Vulnerability CVE-2026-25253 — Zero-Click RCE
The most concerning news this month was the discovery of a High-severity security vulnerability in OpenClaw that allows attackers to gain control of a developer's machine with virtually no action required from the victim.
| Description | Information |
|---|---|
| CVE | CVE-2026-25253 |
| CVSS Score | 8.8 (High) |
| Discovered By | Oasis Security |
| Affected Versions | All versions before 2026.1.29 |
| Fix | Version 2026.1.29 or later (recommended 2026.2.25+) |
| Attack Type | Cross-Site WebSocket Hijacking → Remote Code Execution |
How Does the Attack Work?
The vulnerability exists in OpenClaw's WebSocket system, which runs on the user's local machine. The attack works as follows:
- The attacker crafts a malicious link with a gatewayUrl parameter pointing to their own server
- The victim clicks the link — the OpenClaw Control UI automatically connects via WebSocket to the attacker's server, sending the Authentication Token along with it
- The attacker uses the captured Token to connect back to the Gateway on the victim's machine
- Once access is gained, the attacker can modify Config, disable Sandbox, change Tool Policies, and execute arbitrary code
Steinberger himself explained:
"Control UI trusts gatewayUrl from the query string without validation and auto-connects on load, sending the stored gateway token... Clicking a crafted link can send the token to an attacker-controlled server."
— Peter Steinberger, creator of OpenClaw
Actions required immediately:
- Update OpenClaw to version 2026.2.25 or later immediately
- Rotate all Tokens and Credentials previously used with OpenClaw
- Review Logs for any abnormal WebSocket connections
- Avoid clicking links from untrusted sources while OpenClaw is running
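The block below is an added example, not OpenClaw's own code, written in JavaScript because the flaw sits in a browser-side Control UI. It ties together the attack steps described above and the "review Logs" action: a gateway URL resolver that honours a gatewayUrl query parameter only when its origin is on an allowlist (the defect quoted by Steinberger was trusting it without validation), an Origin-header check a local WebSocket gateway can apply to upgrade requests, and a scan over constructed log lines for WebSocket connections to unexpected hosts. The allowlists, the helper names, the port and the log format are assumptions made for this illustration and are not OpenClaw's configuration or log format.

```javascript
// Added example (not OpenClaw's code). Allowlists, names, port and the log
// format below are assumptions for illustration only.

// Gateway origins the Control UI is allowed to connect to (assumed config).
const ALLOWED_GATEWAY_ORIGINS = ['ws://127.0.0.1:18789', 'wss://gateway.internal.example'];
// Page origins that may open a WebSocket to the gateway (assumed config).
const ALLOWED_UI_ORIGINS = ['http://127.0.0.1:18789', 'https://ui.internal.example'];

// Normalise a candidate gateway URL to "scheme://host[:port]"; null when it
// is not a syntactically valid ws:// or wss:// URL.
function wsOrigin(urlString) {
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return null;
  }
  if (url.protocol !== 'ws:' && url.protocol !== 'wss:') return null;
  return `${url.protocol}//${url.host}`;
}

// Hardened form of "read gatewayUrl from the query string and connect": the
// parameter is honoured only when its origin is allowlisted; anything else
// falls back to the default gateway, so a crafted link cannot redirect the
// stored token to a server of the link author's choosing.
function resolveGatewayUrl(search, allowed = ALLOWED_GATEWAY_ORIGINS) {
  const requested = new URLSearchParams(search).get('gatewayUrl');
  const fallback = allowed[0];
  if (!requested) return { url: fallback, trusted: true, reason: 'default' };
  const origin = wsOrigin(requested);
  if (origin !== null && allowed.includes(origin)) {
    return { url: requested, trusted: true, reason: 'allowlisted' };
  }
  return { url: fallback, trusted: false, reason: `rejected ${requested}` };
}

// Gateway-side check on the Origin header of a WebSocket upgrade request.
// This blocks the classic browser-side form of cross-site WebSocket
// hijacking (a third-party page opening a socket to the local gateway). It
// is a complement to token authentication, not a substitute, and it does not
// help once a token has already leaked; that is what rotation is for.
// Returns false when the header is missing; the caller decides how
// non-browser clients (which send no Origin) are authenticated.
function originAllowed(originHeader, allowed = ALLOWED_UI_ORIGINS) {
  if (typeof originHeader !== 'string') return false;
  let parsed;
  try {
    parsed = new URL(originHeader);
  } catch {
    return false;
  }
  return allowed.includes(parsed.origin);
}

// Constructed sample log lines in an assumed "time event url=... status=..."
// format. 203.0.113.10 is a documentation address, not a real host.
const SAMPLE_LOG = [
  '2026-02-15T09:12:01Z ws_connect url=ws://127.0.0.1:18789/ws status=ok',
  '2026-02-15T09:14:44Z ws_connect url=wss://gateway.internal.example/ws status=ok',
  '2026-02-15T09:20:07Z ws_connect url=wss://203.0.113.10:8443/ws status=ok',
  '2026-02-15T09:20:09Z ws_connect url=not-a-url status=error',
  '2026-02-15T09:21:00Z http_get path=/health status=ok',
];

// Return every ws_connect line whose target origin is not allowlisted.
// Unparseable targets are reported as well, since they deserve a look.
function findSuspiciousConnections(lines, allowed = ALLOWED_GATEWAY_ORIGINS) {
  const findings = [];
  for (const line of lines) {
    const m = /\bws_connect\b.*\burl=(\S+)/.exec(line);
    if (!m) continue;
    const origin = wsOrigin(m[1]);
    if (origin === null || !allowed.includes(origin)) {
      findings.push({ line, target: m[1], origin });
    }
  }
  return findings;
}

// Stand-alone run: resolve a crafted link, check an upgrade, scan the log.
console.log(resolveGatewayUrl('?gatewayUrl=wss://203.0.113.10:8443/ws'));
console.log(originAllowed('https://third-party.example'));
console.log(findSuspiciousConnections(SAMPLE_LOG).map((f) => f.target));

module.exports = { wsOrigin, resolveGatewayUrl, originAllowed, findSuspiciousConnections, SAMPLE_LOG };
```

The resolver deliberately compares normalised origins rather than raw strings, so a path, a query or a trailing slash on a legitimate gateway URL still matches, while a different host or port never does. In a real deployment the allowlist would come from the gateway's own configuration rather than a constant, and the log scan would be pointed at whatever connection log the gateway actually writes.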
This is not OpenClaw's first vulnerability this year — The Register previously reported that the OpenClaw ecosystem has been experiencing ongoing security issues, which organizations must carefully consider before deploying in production (read more about data security in ERP systems).
3. OpenClaw SaaS Launches — No Self-Installation Required
On February 28, 2026, Clawbot AI launched a SaaS version of OpenClaw on clawbot.ai, offering a new option for those who prefer not to install OpenClaw on their own machines.
Key Features of OpenClaw SaaS
| Feature | Description |
|---|---|
| Cloud Deployment | No installation needed — use directly through a web browser |
| AI Model Selection | System automatically selects the AI Model based on task type — no manual Config required |
| Managed Infrastructure | Clawbot AI manages Server, updates, and security entirely |
| Deploy in Minutes | Quickly set up Agents through the Web Interface |
SaaS vs Self-Hosted — Which Should You Choose?
| Aspect | Self-Hosted | SaaS (Clawbot.ai) |
|---|---|---|
| Data Control | Full control — data stays on your machine | Data resides on Clawbot's Cloud |
| Setup Difficulty | Requires technical knowledge | Easy — use directly via web |
| Security | Self-managed (must apply patches yourself) | Managed by Clawbot |
| Best For | Developers, organizations requiring Data Privacy | Beginners, teams wanting to experiment |
Beyond Clawbot AI, major cloud provider DigitalOcean has also launched a One-Click Deploy service for OpenClaw, demonstrating that AI Agents are truly becoming mainstream.
OpenClaw 2.26 — Major Stability Update
Beyond the three major stories above, OpenClaw also released version 2.26, focusing on stability and security, with these key highlights:
- Claude Opus 4.6 support — as the Default Model via Kilo Gateway
- External Secrets Management — more secure Credentials handling
- HTTP Security Headers — added Strict-Transport-Security for HTTPS
- Session Cleanup — controls Disk Usage to prevent Storage Overflow
- Multilingual Memory Embeddings — improved multi-language support
Lessons for Organizations — Key Considerations Before Using AI Agents
All the events in February reflect that AI Agents are still in a growth phase with high uncertainty. Organizations considering these tools should ask themselves:
- How sensitive is the data you plan to give the AI Agent access to? — Vulnerability CVE-2026-25253 demonstrates that Agents running locally can be attacked. If data is sensitive (e.g., financial records, employee data), risks must be carefully assessed (read more: SQL Injection and Prevention).
- What is the Bus Factor of the project you depend on? — OpenClaw was primarily developed by a single person. When that person leaves, continuity becomes uncertain. Enterprise-grade software must have a clearly defined maintenance team.
- Do you have a Patch Management process in place? — When new vulnerabilities emerge, how quickly can your organization apply updates? (read more: Disaster Recovery for Critical Systems)
AI Agent technology has high potential, but must be used with understanding — not just "adopted because it is trending." You must evaluate whether it suits your organization, whether your data will be secure, and whether you have a contingency plan when issues arise.
— Saeree ERP Team
