Bitsec vs. OpenClaw: When AI Writes Code Faster Than Humans Can Audit


OpenClaw has rapidly become one of the most exciting projects in the AI space. An open-source, local-first agent that can control your apps, manage your calendar, and execute shell commands, it skyrocketed to over 191,000 GitHub stars in weeks.


But that incredible velocity has a cost. With over 500,000 lines of code and 300+ commits added daily, OpenClaw is building code faster than any human team can audit.

Enter Bitsec (Subnet 60), a decentralized security network on Bittensor. In a recent triage run highlighted by researcher @tengyanAI, Bitsec's AI agents scanned OpenClaw and flagged over 50 critical and high-severity vulnerabilities in a single pass.

Here is a look at the security gap Bitsec exposed, how you can lock down your instance, and why power users like Mark Jeffrey are still bullish on OpenClaw's potential.

The Discovery: 50+ Critical Flags

The core problem, as noted by Teng Yan, is that "AI is writing code faster than humans can audit." OpenClaw's codebase is massive and growing exponentially, creating a surface area riddled with potential exploits.

Bitsec operates as a "competitive security layer." Instead of relying on a single auditor, it incentivizes a decentralized network of miner-agents to constantly hammer codebases looking for weaknesses.

When pointed at OpenClaw, the results were alarming:

  • The scan: In one run, agents identified 50+ severe flaws, ranging from broken access controls to remote code execution (RCE) vectors.
  • The threat: Independent researchers have also confirmed these risks. John Scott-Railton (Citizen Lab) disclosed a "1-click exploit" where visiting a malicious URL could allow an attacker to steal API keys and take full control of a device.
  • The Simulation: Bitsec agents have previously replayed massive DeFi hacks (like the $250M Cetus exploit) in sandboxed environments. They are now applying that same stress-testing to OpenClaw to prove that these vulnerabilities aren't just theoretical; they are deployable.

How to Protect Yourself (The Basilica Approach)

Despite the scary scan results, OpenClaw is too useful for many to ignore. The key is shifting from "plug-and-play" to a hardened security posture.

Basilica AI (SN39), a subnet under Covenant AI, advocates a philosophy called "Sacred Compute." The core idea is that in an age of autonomous agents, your private keys and API tokens are not just settings. They are the keys to your digital identity and financial life. They must be treated with "reverence."

Practical steps to harden OpenClaw include:

  • Sandboxing: Never run OpenClaw on your bare metal OS. Use Docker containers or isolate it on a separate machine (like a Raspberry Pi) to prevent "escape" vulnerabilities from accessing your main file system.
  • Account Isolation: Create separate accounts specifically for your OpenClaw agent rather than connecting it to your primary Gmail or iCloud. This ensures that even if the agent is compromised, your main digital identity remains secure.
  • Network Privacy: Do not expose your gateway to the public internet. Use tools like Tailscale to create a private, encrypted mesh network that only your devices can access.
  • Principle of Least Privilege: Use read-only API keys where possible. If an agent only needs to read tweets, do not give it permission to post or delete.
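
The sandboxing and network-privacy steps above can be checked mechanically before a container starts. The sketch below is an added example, not code from OpenClaw, Bitsec or Basilica: it audits a Docker Compose-style service definition (short port syntax only) for the weak settings those steps warn about. The image name, port numbers and Tailscale address are constructed placeholders.

```python
import ipaddress

# Tailscale gives each device an IPv4 address in the CGNAT range 100.64.0.0/10.
TAILNET = ipaddress.ip_network("100.64.0.0/10")
RISKY_HOST_PATHS = {"/", "/var/run/docker.sock"}

def port_exposure(spec):
    """Classify a publish spec: [host_ip:]host_port:container_port[/proto]."""
    parts = spec.split("/")[0].rsplit(":", 2)
    if len(parts) < 3:
        return "all-interfaces"  # no host IP given: Docker binds 0.0.0.0
    ip = ipaddress.ip_address(parts[0].strip("[]"))
    if ip.is_unspecified:
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    if ip.version == 4 and ip in TAILNET:
        return "tailnet"
    return "other-interface"

def audit_service(service):
    """Return findings for one compose-style service definition (a dict)."""
    findings = []
    if service.get("privileged"):
        findings.append("privileged: container runs with near-host capabilities")
    if service.get("network_mode") == "host":
        findings.append("network_mode host: container shares the host network")
    for spec in service.get("ports", []):
        kind = port_exposure(spec)
        if kind not in ("loopback", "tailnet"):
            findings.append(f"port {spec}: published on {kind}")
    for vol in service.get("volumes", []):
        host_path = vol.split(":")[0]
        if host_path in RISKY_HOST_PATHS:
            findings.append(f"volume {vol}: mounts {host_path} into the container")
    return findings

# Constructed sample definitions (placeholder image name and ports).
WEAK = {"image": "example/agent:placeholder", "privileged": True,
        "ports": ["8080:8080"],
        "volumes": ["/:/host", "/var/run/docker.sock:/var/run/docker.sock"]}
HARDENED = {"image": "example/agent:placeholder",
            "ports": ["127.0.0.1:8080:8080", "100.101.102.103:8443:8443"],
            "volumes": ["agent-data:/data"]}

if __name__ == "__main__":
    for name, svc in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_service(svc) or "no findings")
```

A clean result only means these specific settings are absent; account isolation and read-only API keys still have to be verified at the provider.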

Why It Is Still Worth It

So, if OpenClaw is this dangerous, why are people using it? Because the upside is undeniable. When it works, it's a superpower.

A prime example is Mark Jeffrey, partner at the Bittensor Fund and host of the Hash Rate podcast. He recently demonstrated how he uses a hosted OpenClaw instance to automate Bittensor subnet mining.

  • The Experiment: Jeffrey set up "MoltyPython," a custom OpenClaw agent, to manage mining operations.
  • The Autonomy: The agent was able to create its own wallet, receive initial $TAO funding, and begin mining on subnets.
  • The Loop: Most importantly, the agent became self-sustaining, earning enough TAO to pay for its own inference costs.

This is the promise that outweighs the risk: a future where AI agents are not just chatbots, but economic actors that can perform complex work, manage funds, and sustain themselves without constant human hand-holding.

The Bottom Line

The dynamic between Bitsec and OpenClaw isn't just a bug report; it's a reflection of the current state of AI. While OpenClaw drives permissionless innovation at a speed humans can't match, Bitsec proves that humans can no longer audit this code alone.

As these agents begin to manage our digital lives, decentralized security agents like Bitsec won't just be a "nice to have"; they will be the only thing standing between an autonomous future and total systemic failure.
