
In November 2025, Austrian developer Peter Steinberger published a weekend project called Clawdbot. You could text it on Telegram or WhatsApp, and it would do things for you: manage your calendar, triage your email, run scripts, and even browse the web. By late January 2026, it had exploded. It gained 25,000 GitHub stars in a single day and surpassed React’s star count within two months, a milestone that took React over a decade. By mid-February, Steinberger had joined OpenAI, and the project moved to an open source foundation under its final name: OpenClaw.
What was so special about OpenClaw? Why did this one take off when so many agent projects before it didn’t?
Autonomous AI isn’t new
Where we are today feels similar to April 2023, when AutoGPT hit the scene. It had the same GitHub trajectory with its promise of autonomous AI. Then reality hit. Agents got stuck in loops, hallucinated a lot, and racked up token costs. It didn’t take long for people to walk away.
OpenClaw has one important advantage: The models have gotten better. Recent LLMs like Claude Opus 4.6 and GPT-5.4 allow models to chain tools together, recover from errors, and plan multistep strategies. Steinberger’s weekend project benefited from timing as much as design.
The architecture is intentionally simple. There are no vector databases and no multi-agent orchestration frameworks. Persistent memory is Markdown files on disk. Let me repeat that: Persistent memory is Markdown files on disk! The agent can read yesterday’s notes and search its own files for additional context. You can view and edit the agent’s files as needed. There’s a useful lesson in that: Not every agent system needs a complex memory strategy. It’s more important that you understand what the agent is doing and that it retains context across runs.
What fascinates me about OpenClaw is that none of the individual pieces are new. Persistent memory across sessions? We’ve been building that for years. Cron jobs to trigger agent actions on a schedule? Decades-old infrastructure. Plug-in systems for extensibility? A very standard pattern. Webhooks into WhatsApp and Telegram? There are well-documented APIs for that. What Steinberger did was wire them together at the exact moment the underlying models could execute on multistep plans. The combination created something that felt quite different from anything that had come before.
Why this time feels different
OpenClaw nailed three things that earlier agent projects missed: proximity, creativity, and extensibility.
Proximity: it lives where you already are every day. OpenClaw connects to WhatsApp, Slack, Discord, Telegram, and Signal. That single design decision changed its trajectory. The agent becomes an active participant in your workflow. People use it to manage their sales pipeline, automate emails, and kick off code reviews from their phones.
Next, it’s proactive. OpenClaw doesn’t wait for you to ask; it uses cron jobs to run tasks on a set schedule. It can check your email every day at 6am, draft a reply before you wake up, and even send it for you. And it reaches out when anything needs your attention. Agents become part of everyday life when integrated into familiar channels.
And finally, my favorite, it’s open and extensible. OpenClaw’s plug-in system, called “skills,” lets the community build and share modular extensions on ClawHub. There are thousands of skills ready to be plugged into your agent. Agents can even write their own new skills and use them going forward. That extensibility meant more skills, more users, and more attack surfaces, which we’ll get to.
The community ran with it. A social network exclusively for AI agents, Moltbook, launched in late January and grew to over 1.5 million agent accounts. One agent created a dating profile for its owner on MoltMatch and started screening matches without being asked.
I’ll admit, I got swept up in it, but that’s not surprising; I’ve always been an early adopter of emerging technology. I bought a Mac mini, installed OpenClaw, and connected it to my Jira, AWS, and GitHub accounts. Very quickly, I had my agent, Jarvis, writing code and submitting PRs, running my daily standups, and deploying my code to AWS using AWS CloudFormation and the AWS CLI.
I spent a lot of time binding the gateway to localhost, auditing every skill, and restricting filesystem permissions. For me, hardening the setup was not optional. I’m now deploying via AWS Lightsail, which provides network isolation and managed security layers that are hard to replicate on a Mac mini in your home office.
The security problem nobody wants to talk about
OpenClaw requires root-level access to your system by design. It needs your email credentials, API keys, calendar tokens, browser cookies, filesystem access, and terminal permissions. If you’re like me, that will keep you up at night.
Security researchers found 135,000 OpenClaw instances exposed on the open internet, over 15,000 vulnerable to remote code execution. The default configuration binds the gateway to 0.0.0.0 with no authentication. A zero-click exploit disclosed in early March allowed attackers to hijack an instance simply by getting the user to visit a web page.
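One way to check a Linux host for the exposure described above, a gateway listening on 0.0.0.0 instead of localhost, is to read the kernel's socket table. This is an added example, not OpenClaw's own code; port 8080 and the sample table are constructed, and the address decoding assumes a little-endian host.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
# Port 8080 (0x1F90) stands in for the agent gateway; the page does not give the real port.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40211
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   999        0 40215
   2: 0A00000A:1F90 0B00000A:C350 01 00000000:00000000 00:00000000 00000000  1000        0 40230
"""

TCP_LISTEN = "0A"  # kernel state code for a listening socket


def decode_endpoint(field):
    """Turn '0100007F:0CEA' into ('127.0.0.1', 3306)."""
    hex_addr, hex_port = field.split(":")
    # The kernel prints the IPv4 address as a host-order 32-bit value in hex.
    addr = socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
    return addr, int(hex_port, 16)


def listening_sockets(proc_text):
    """Yield (address, port, uid) for every socket in LISTEN state."""
    for line in proc_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 8 or cols[3] != TCP_LISTEN:
            continue
        addr, port = decode_endpoint(cols[1])
        yield addr, port, int(cols[7])


def exposed_listeners(proc_text, watched_ports):
    """Return watched ports that listen on anything other than loopback."""
    return [(a, p, u) for a, p, u in listening_sockets(proc_text)
            if p in watched_ports and not a.startswith("127.")]


if __name__ == "__main__":
    for addr, port, uid in exposed_listeners(SAMPLE_PROC_NET_TCP, {8080}):
        print(f"port {port} bound to {addr} (uid {uid}): reachable beyond localhost")
```

On a real host, pass the contents of `/proc/net/tcp` instead of the sample; IPv6 listeners live in `/proc/net/tcp6` and are not covered here.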
The skills marketplace got hit too. Researchers discovered over 800 malicious skills distributing malware on ClawHub, including credential stealers targeting macOS. Cisco confirmed that one third-party skill was performing data exfiltration and prompt injection without user awareness. These aren’t edge cases; they point directly to what happens when an agent can act across real systems with real permissions and weak controls.
What practitioners should take away
OpenClaw matters for the same reason ChatGPT mattered in late 2022. A huge number of people just experienced, for the first time, what it feels like to have an AI agent do real work for them. That changes what they expect from every product going forward.
If you’re building AI systems, pay attention to three signals here.
The killer interface for agents turned out to be the one on everyone’s phone. Your agent strategy shouldn’t require users to learn a new tool; that’s why most products are introducing agentic capabilities.
Control is the central design challenge. Prompt injection, credential exposure, and attacks through plug-in marketplaces are real-world problems you need to solve before you ship features. Oversight should be available at runtime. You need visibility into what your agents are accessing, what they’re doing, and how failures are handled. Permission boundaries, approval gates, audit logging, and recovery mechanisms are nonnegotiable.
OpenClaw is a proof of market. It proved that people are ready to make AI personal. People want a personal AI agent that has access to their applications and can do things for them. That demand is now validated at scale. While AutoGPT proved that people wanted autonomous AI, Perplexity and Cursor built businesses around that. The same pattern is likely playing out here. If you’re building in this space, the window is wide open.
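The permission boundaries, approval gates, and audit logging named in the second signal above can be sketched as a single choke point that every agent tool call passes through. This is an added example, not OpenClaw's code; the tool names, the policy tiers, and the `approver` callback are hypothetical.

```python
import hashlib
import json

# Hypothetical policy (constructed): tools not listed here are denied by default.
POLICY = {
    "calendar.read": "allow",
    "email.send": "approve",   # needs a human decision at runtime
    "shell.exec": "approve",
}

GENESIS = "0" * 64


def _digest(prev, record):
    body = json.dumps(record, sort_keys=True)
    return hashlib.sha256((prev + body).encode()).hexdigest()


class AuditLog:
    """Append-only log; each entry commits to the hash of the one before it."""

    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"prev": prev, "record": record, "hash": _digest(prev, record)})

    def verify(self):
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or _digest(prev, e["record"]) != e["hash"]:
                return False  # an entry was edited, removed, or reordered
            prev = e["hash"]
        return True


def dispatch(tool, args, tools, log, approver):
    """Run a tool call only if policy allows it; record every decision first."""
    rule = POLICY.get(tool, "deny")
    by = "policy"
    if rule == "approve":
        rule, by = ("allow" if approver(tool, args) else "deny"), "human"
    log.append({"tool": tool, "args": args, "decision": rule, "by": by})
    if rule != "allow":
        raise PermissionError(f"{tool} blocked by {by}")
    return tools[tool](**args)
```

The decision is logged before the tool runs, so a call that crashes or is blocked still leaves a record, and `verify()` shows whether that record was altered afterwards.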
The more interesting question now is what gets built next. The next phase of agent design will be shaped by how governable, observable, and safe agents are in real-world environments.
For a deeper dive into OpenClaw, join us on March 19 for AI Product Lab: OpenClaw Up and Running with Aman Khan and Tal Raviv. You’ll learn more about why OpenClaw became a viral sensation, how to get it up and running in a way you won’t regret, and how to use it to build and manage safe agentic workflows.
