Citation

OpenClaw Matplotlib Incident (2026) - Footnote 29

unverifiable30% confidence

1 evidence check

Last checked: 4/3/2026

The source does not mention the number of exposed instances leaking data. The source does not mention OpenClaw trusting localhost by default. The source does not mention Cisco's AI security team calling it "groundbreaking" but "an absolute nightmare". The source does not mention Aanjhan Ranganathan (Northeastern University) describing it as "a privacy nightmare."

Evidence — 1 source, 1 check

fortune.com/2026/02/12/openclaw-ai-agents-security-risks-beware/(1 check)

unverifiable30%Haiku 4.5 · 4/3/2026

Found: Security researchers found over 1,800 exposed instances leaking API keys, chat histories, and credentials. OpenClaw trusts localhost by default with no authentication; most deployments behind reverse …

Note: The source does not mention the number of exposed instances leaking data. The source does not mention OpenClaw trusting localhost by default. The source does not mention Cisco's AI security team calling it "groundbreaking" but "an absolute nightmare". The source does not mention Aanjhan Ranganathan (Northeastern University) describing it as "a privacy nightmare."

Debug info

Record type: citation

Record ID: page:openclaw-matplotlib-incident-2026:fn29