If you’re brave enough to want to run the demonstrably insecure AI assistant OpenClaw, several clouds have already started offering it as a service.

OpenClaw, the name its developer Peter Steinberger settled on after changing from Clawdbot to Moltbot, is a platform for AI agents. Users can provide it with their credentials to various online services and prompt OpenClaw to operate them by issuing instructions in messaging apps like Telegram or WhatsApp. Steinberger says it “clears your inbox, sends emails, manages your calendar, checks you in for flights.”

Using OpenClaw’s AI features requires access to an AI model, either by connecting to an API or by running one locally. The latter possibility apparently sparked a rush to buy Apple’s $599 Mac Mini.

OpenClaw is new and largely untested – just the sort of workload that cloud operators have long said they excel at hosting so users can gather some experience before moving to production.

Clouds were therefore quick to develop OpenClaw-as-a-service offerings.

China’s Tencent Cloud was an early mover, last week delivering a one-click install tool for its Lighthouse service – an offering that allows users to deploy a small server and install an app or environment and run it for a few dollars a month.

DigitalOcean delivered a similar set of instructions a couple of days later, and aimed them at its Droplets IaaS offering.

Alibaba Cloud launched its offering today and made it available in 19 regions, starting at $4/month, and using its simple application server – its equivalent of Lighthouse or Droplets. Interestingly, the Chinese giant says it will soon offer OpenClaw on its Elastic Compute Service – its full-fat IaaS equivalent to AWS EC2 – and on its Elastic Desktop Service, suggesting the chance to rent a cloudy PC to run an AI assistant.

Kill it with fire

Analyst firm Gartner has used uncharacteristically strong language to recommend against using OpenClaw.

In new advice titled “OpenClaw Agentic Productivity Comes With Unacceptable Cybersecurity Risk,” the firm describes the software as “a dangerous preview of agentic AI, demonstrating high utility but exposing enterprises to ‘insecure by default’ risks like plaintext credential storage.”

“Shadow deployment of OpenClaw creates single points of failure, as compromised hosts expose API keys, OAuth tokens, and sensitive conversations to attackers,” the firm adds, before recommending that businesses immediately block OpenClaw downloads and stop traffic to the software.

Next, search for any users accessing OpenClaw and tell them to stop because using the software probably involves breaching security controls.

If you must run it, Gartner recommends doing so only in isolated nonproduction virtual machines with throwaway credentials.

“It is not enterprise software. There is no promise of quality, no vendor support, no SLA… it ships without authentication enforced by default. It is not a SaaS product that you can manage via a corporate admin panel,” Gartner advises.

The firm also recommends rotating any credentials OpenClaw touches, as the AI tool’s use of plaintext storage and shabby security mean there’s a chance malefactors can use the login details for evil. So maybe don’t rush to use those cloudy OpenClaw services at work? Or anywhere?