Citation

OpenClaw Matplotlib Incident (2026) - Footnote 27

partial75% confidence

1 evidence check

Last checked: 4/3/2026

The source does not mention security researchers finding over 1,800 exposed instances leaking API keys, chat histories, and credentials. The source does not mention OpenClaw trusts localhost by default with no authentication. The source does not mention Cisco's AI security team calling it 'groundbreaking' but 'an absolute nightmare' from a security standpoint.

Evidence — 1 source, 1 check

news.northeastern.edu/2026/02/10/open-claw-ai-assistant/(1 check)

partial75%Haiku 4.5 · 4/3/2026

Found: Security researchers found over 1,800 exposed instances leaking API keys, chat histories, and credentials. OpenClaw trusts localhost by default with no authentication; most deployments behind reverse …

Note: The source does not mention security researchers finding over 1,800 exposed instances leaking API keys, chat histories, and credentials. The source does not mention OpenClaw trusts localhost by default with no authentication. The source does not mention Cisco's AI security team calling it 'groundbreaking' but 'an absolute nightmare' from a security standpoint.

Debug info

Record type: citation

Record ID: page:openclaw-matplotlib-incident-2026:fn27