
The OpenClaw Inflection: From "Vibe Coding" to Global Agentic Warfare

Jensen Huang calls OpenClaw the "operating system for personal AI." Explore its 325k-star growth, NVIDIA's NemoClaw and why China banned the "Lobster" agent.
March 21, 2026
  • OpenClaw is the fastest-growing GitHub project ever, hitting 325k stars in record time.
  • OpenAI has "acqui-hired" the founder, while NVIDIA launched NemoClaw to provide essential security guardrails.
  • A critical vulnerability (CVE-2026-25253) allows hackers to hijack agents via simple web links.
  • China has officially banned the "Lobster" (OpenClaw) in government and banking sectors to prevent data leaks.
  • Over 1,000 malicious skills on ClawHub have been flagged for stealing credentials and crypto.
"OpenClaw is now the largest, most popular, and most successful open-source project in the history of humanity."
-Jensen Huang, CEO of NVIDIA

With that singular, staggering declaration at NVIDIA GTC 2026, CEO Jensen Huang confirmed what the tech world has been whispering for months: the era of the chatbot is over, and the era of the real Autonomous Agent has arrived.

What started as a "vibe coding" weekend project by Austrian developer Peter Steinberger in late 2025 has morphed into a global force. OpenClaw (formerly known as Clawbot) didn’t just grow, it exploded, surpassing 325,000 GitHub stars this March. It is now the fastest-growing software repository in history, lapping industry giants like React and Linux in record time and forcing every major tech power to rewrite their 2026 roadmap.

The "New Computer": OpenAI and NVIDIA Move In

The industry’s heavyweights are moving with high velocity to "tame the lobster" and bring OpenClaw into the enterprise fold.

  • The OpenAI Acquisition:
    In February 2026, Sam Altman personally confirmed that creator Peter Steinberger had joined OpenAI to lead the "next generation of personal agents." While the project remains open-source under an independent foundation, OpenAI is now its primary financial engine, treating the framework as the foundational "operating system" for future AI products.
  • NVIDIA "NemoClaw":
    At GTC this week, NVIDIA unveiled NemoClaw, an enterprise-ready stack that wraps OpenClaw in the new OpenShell runtime. Jensen Huang compared this to the birth of Windows or Mac: it provides a "secure sandbox" that allows agents to be productive, automating everything from "Inbox Zero" to complex coding, without having unrestricted access to sensitive corporate files.

The Security Crisis: "ClawJacked" and Geopolitical Blowback

The meteoric rise of OpenClaw has outpaced its own safety engineering, creating a "perfect storm" for cyber warfare. What was once a localized concern for developers has escalated into a systemic risk that has caught the attention of world leaders.

  1. The "Lethal" Exploit (CVE-2026-25253)
    Security researchers have officially classified the "ClawJacked" vulnerability as a Critical 8.8-severity threat. This is not a theoretical risk; it is a fundamental architectural flaw in how the agent handles web data.
    • The "One-Click" Hijack:
      The vulnerability allows an attacker to bypass local network restrictions by tricking a user into visiting a single malicious website. Because OpenClaw often runs with "localhost" trust, the browser acts as a bridge, allowing the site to exfiltrate session tokens and API keys in milliseconds.
    • Total Host Compromise:
      Once hijacked, the "Claw" can be forced to disable its own sandbox. This grants the attacker the ability to execute shell commands directly on the host machine, turning a productivity tool into a remote-access trojan.
  2. China’s State-Level Ban and "Lobster Mania"
    In China, where the project’s red claw logo sparked a viral "Raising a Lobster" (yǎng lóng xiá) trend, the government response has been swift and severe.
    • The "Rogue Lobster" Incidents:
      The ban was accelerated by high-profile reports of agents "going rogue." In one viral case, a user’s "Lobster" misunderstood a cleanup command and spammed his entire iMessage contact list with gibberish.
    • National Security Directive:
      On March 11, 2026, the Ministry of State Security (MSS) issued a formal alert labeling the agent "perilously vulnerable." Consequently, major state-owned banks and government agencies in Beijing and Shenzhen have strictly banned OpenClaw from all corporate devices, fearing it could be used by foreign actors to exfiltrate sensitive datasets under the guise of daily automation.
  3. The Poisoned Marketplace: A Hidden Supply Chain Threat
    While the core code is being patched, the ClawHub community marketplace has become a primary vector for malware.
    • Trojan "Skills":
      Security audits have identified over 1,100 malicious plugins disguised as harmless "productivity boosters." These "Poisoned Skills" are specifically engineered to sit silently on a system until they detect a cryptocurrency wallet or SSH key, which they then exfiltrate to offshore servers.
    • The Trust Gap:
      This has created a massive divide in the community between "Vibe Coders," who install plugins indiscriminately, and "Hardened Developers," who now refuse to run any "Claw" skill that hasn't been manually audited.
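
The "localhost trust" problem described under item 1 comes down to a local service treating a loopback connection as proof of a trusted caller. The sketch below is an added example, not OpenClaw's or NemoClaw's code and not the actual fix for CVE-2026-25253: it shows the request checks a loopback-bound agent gateway needs so that a browser tab cannot act as a bridge. The port, token, header allowlists and the `authorize` function are all hypothetical.

```python
import hmac

# All values are constructed for this example; none come from OpenClaw.
ALLOWED_HOSTS = {"127.0.0.1:8765", "localhost:8765"}
ALLOWED_ORIGINS = {"http://127.0.0.1:8765", "http://localhost:8765"}
GATEWAY_TOKEN = "constructed-sample-token"


def authorize(headers, peer_ip, token=GATEWAY_TOKEN):
    """Return (allowed, reason) for a request reaching a loopback-bound gateway."""
    h = {k.lower(): v for k, v in headers.items()}
    # Loopback is necessary but proves nothing: a browser tab on the same
    # machine also connects from 127.0.0.1 on behalf of whatever site it loaded.
    if peer_ip not in ("127.0.0.1", "::1"):
        return False, "non-loopback peer"
    # Host must name the gateway itself, otherwise a rebinding domain that
    # resolves to 127.0.0.1 would be accepted.
    if h.get("host", "") not in ALLOWED_HOSTS:
        return False, "unexpected Host"
    # Browsers attach Origin to WebSocket handshakes and CORS requests.
    # A request without it (a CLI, for instance) still needs the token below.
    origin = h.get("origin")
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return False, "foreign Origin"
    # The token is always required and compared in constant time.
    scheme, _, supplied = h.get("authorization", "").partition(" ")
    if scheme != "Bearer" or not hmac.compare_digest(supplied.encode(), token.encode()):
        return False, "bad or missing token"
    return True, "ok"


# Constructed requests, all arriving from 127.0.0.1.
SAMPLES = {
    "own UI": {"Host": "127.0.0.1:8765", "Origin": "http://127.0.0.1:8765",
               "Authorization": "Bearer constructed-sample-token"},
    "CLI with token": {"Host": "localhost:8765",
                       "Authorization": "Bearer constructed-sample-token"},
    "CLI without token": {"Host": "localhost:8765"},
    "page on another site": {"Host": "127.0.0.1:8765",
                             "Origin": "https://untrusted.example"},
    "rebinding name": {"Host": "untrusted.example:8765",
                       "Origin": "http://untrusted.example:8765"},
}


def evaluate_samples():
    return {name: authorize(h, "127.0.0.1") for name, h in SAMPLES.items()}


if __name__ == "__main__":
    for name, (ok, reason) in evaluate_samples().items():
        print(f"{name:22} {'ALLOW' if ok else 'DENY':5} {reason}")
```

Every sample arrives from 127.0.0.1, so a gateway that only checks the peer address would allow all five; with the checks above, only the two requests carrying the token and an expected Host and Origin pass.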

Agentic Commerce: The Future of the Transaction

Despite the security hurdles, the momentum toward autonomous utility is unstoppable. Mastercard has already begun advocating for a new "Agentic Commerce" framework to define the legalities of agents making autonomous purchases. As OpenClaw begins booking flights and buying groceries, the industry is racing to define who is responsible when an agent makes a financial error—the user, the developer, or the payment network.

For the modern professional, the choice is becoming clear: either you learn to manage your "Claw" through secure environments like NemoClaw, or you risk being left behind in a world where AI doesn't just suggest answers—it executes them.
