

OpenClaw is the open-source AI agent that has taken the tech world by storm. In under four months it became the most-starred software project on GitHub (250,000+ stars, surpassing React), NVIDIA’s CEO Jensen Huang called it “probably the single most important release of software ever,” and nearly 1,000 people queued outside Tencent’s headquarters in Shenzhen just to get help installing it.
But for UK businesses, the headline excitement obscures serious security and compliance concerns. This guide explains what OpenClaw actually does, what it costs, whether it is safe for business use, and what UK companies should consider before deploying it.
- OpenClaw is free and open-source with 303,000+ GitHub stars and 50+ platform integrations - autonomously manages email, calendars, documents, and messaging using any LLM (Claude, GPT, DeepSeek, or local models)
- Security researchers found critical vulnerabilities including credential theft and malicious plugins - 135,000+ exposed instances identified, with CVEs filed for remote code execution and data exfiltration vectors
- Self-hosting is the only safe deployment option for UK businesses handling any client data - the hosted version routes credentials through third-party infrastructure with no SOC 2 or ISO 27001 certification
- No commercial support, SLA, or UK data residency guarantees exist as of April 2026 - community-only support via Discord and GitHub issues, with no guaranteed response times for critical bugs
- UK businesses should treat OpenClaw as experimental and sandbox it from production systems - useful for internal automation prototyping but not suitable for customer-facing workflows or regulated data


What OpenClaw Actually Does
OpenClaw is not a chatbot. It is an autonomous AI agent that runs locally on your computer and takes actions on your behalf – managing email, scheduling meetings, drafting documents, browsing the web, and communicating across messaging platforms, all without step-by-step instruction.
The key difference from tools like ChatGPT or Claude is that OpenClaw does not just answer questions. It acts. You tell it “clear my inbox, reply to anything urgent, and schedule a follow-up with Sarah for next week,” and it does all three autonomously.
| Capability | What OpenClaw Does |
|---|---|
| Email | Reads, summarises, drafts replies, batch archives, smart search across your inbox |
| Calendar | Schedules meetings, resolves conflicts, manages availability |
| Documents | Creates and edits Google Docs, Sheets, and Drive files |
| Web browsing | Researches topics, compares options, gathers information |
| Messaging | Operates across 50+ platforms – WhatsApp, Telegram, Discord, Signal, Slack |
| Scripts | Executes code, automates file management, runs scheduled tasks |
OpenClaw runs as a local gateway on your machine, routing messages from any connected platform through your chosen AI model. This “gateway pattern” means you interact with it wherever you already communicate – via WhatsApp, Telegram, or Slack – rather than switching to a separate app.
Who Created It and Why It Matters
OpenClaw was created by Peter Steinberger, an Austrian software engineer who previously built PSPDFKit (a PDF tooling company he ran for 13 years). He started building a personal AI assistant called “Clawd” in April 2025, which evolved through several name changes before launching as OpenClaw in November 2025.
In February 2026, Steinberger announced he was joining OpenAI, and the project would move to an open-source foundation. OpenClaw itself remains independent open-source software under the MIT licence – it is not an OpenAI product, though the association has amplified its visibility. NVIDIA is now building an enterprise version called “NemoClaw,” and Google has made Gmail, Drive, and Docs “agent-ready” for OpenClaw via a dedicated CLI tool.
What OpenClaw Costs
OpenClaw itself is completely free (MIT licence). The real cost is the AI model API usage – every time OpenClaw “thinks” or takes an action, it consumes tokens from your chosen provider.
| AI Model | Light Use (£/month) | Moderate Use | Heavy Use |
|---|---|---|---|
| Claude Sonnet (Anthropic) | £12-£24 | £32-£64 | £80-£160 |
| GPT-4o (OpenAI) | £10-£20 | £24-£48 | £64-£120 |
| Claude Opus (Anthropic) | £64-£120 | £160-£320 | £400-£600+ |
| DeepSeek V3 | £2-£6 | £6-£12 | £12-£24 |
| Local models (Ollama) | £0 | £0 | £0 |
One developer reported spending $500 (£400) in a single month using premium models for heavy daily automation. For cost-conscious UK businesses, running DeepSeek V3 or Google Gemini’s free tier keeps costs under £15/month for moderate use. Running local models via Ollama eliminates API costs entirely but requires a capable machine (16GB+ RAM recommended).
You also need a machine running 24/7 if you want always-on availability. A basic cloud VPS from £4-£8/month handles this, or you can run OpenClaw on existing hardware.
Security Concerns: Why UK Businesses Should Be Cautious
This is the critical section. OpenClaw has triggered what security researchers are calling “2026’s first major AI agent security crisis.” The problems are serious and ongoing.
Critical Vulnerabilities Found
Security researchers have disclosed multiple critical vulnerabilities including CVE-2026-25253 (CVSS 8.8), which allowed attackers to steal authentication tokens. Additional vulnerabilities cover remote code execution, command injection, authentication bypass, and path traversal. A flaw dubbed “ClawJacked” allowed malicious websites to hijack local OpenClaw agents via WebSocket connections.
Exposed Instances
Bitdefender found 135,000+ OpenClaw instances with default configurations reachable from the public internet across 82 countries. Of these, 93.4% exhibited authentication bypass conditions – meaning anyone could connect to and control these agents remotely.
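To check a host of your own for the condition described above, the sketch below flags listeners bound beyond loopback. It is an added example, not OpenClaw code: it parses `ss -H -ltn` output, the sample lines are constructed, and the watched ports are placeholders for whatever port your gateway uses.

```python
import ipaddress

# Constructed sample of `ss -H -ltn` output; addresses and ports are made up.
SAMPLE_SS = """\
LISTEN 0 511 127.0.0.1:3000 0.0.0.0:*
LISTEN 0 511 0.0.0.0:9000 0.0.0.0:*
LISTEN 0 128 [::1]:9001 [::]:*
LISTEN 0 128 [::]:9002 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 192.168.1.20:9003 0.0.0.0:*
"""


def classify_bind(local):
    """Return (port, verdict) for one Local Address:Port field."""
    host, _, port = local.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    if host in ("*", "0.0.0.0", "::"):
        return int(port), "all-interfaces"
    addr = ipaddress.ip_address(host)
    return int(port), "loopback" if addr.is_loopback else "network"


def exposed_listeners(ss_output, ports):
    """Map each watched port to its verdict when it is not loopback-only."""
    exposed = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        port, verdict = classify_bind(fields[3])
        if port in ports and verdict != "loopback":
            exposed[port] = verdict
    return exposed


if __name__ == "__main__":
    # Placeholder ports: substitute the port your own gateway listens on.
    print(exposed_listeners(SAMPLE_SS, {3000, 9000, 9001, 9002, 9003}))
```

A non-loopback bind is only one condition for internet exposure; firewall and router rules decide the rest.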
Malicious Plugins
Of 10,700 “skills” on ClawHub (OpenClaw’s plugin marketplace), 820+ were found to be malicious – including active data exfiltration tools that silently sent user data to attacker-controlled servers. Malware variants including RedLine and Lumma have already added OpenClaw file paths to their credential theft targets.
Credential Storage
OpenClaw stores API keys, passwords, and credentials in plain text on the local filesystem. For a tool that has access to your email, calendar, and business documents, this is a fundamental security weakness.
Microsoft’s own security team recommends using OpenClaw only in isolated environments with no access to real credentials or sensitive data. Cisco’s security blog called it “a security nightmare.”
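A quick way to see how exposed plaintext credentials are on a given machine is to audit the agent's data directory for secret-bearing files and loose permissions. The following is an added example, not OpenClaw code: the directory, file names, field-name pattern and sample key are all constructed, so point `audit_agent_dir` at wherever your installation keeps its data.

```python
import re
import stat
import tempfile
from pathlib import Path

# Field names that usually hold secrets; constructed for this example, not exhaustive.
SECRET_FIELD = re.compile(
    r"""(?i)["']?([\w-]{0,32}(?:api[_-]?key|token|password|secret))["']?\s*[:=]\s*["']?[^\s"',}]{8,}"""
)
MAX_BYTES = 1_000_000  # read at most this much of each file


def audit_agent_dir(root):
    """Return {relative_path: [issues]} for files under an agent data directory."""
    root, findings = Path(root), {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        issues = []
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            issues.append(f"mode {mode:o}: readable by group or other users")
        with path.open("rb") as fh:
            text = fh.read(MAX_BYTES).decode("utf-8", errors="replace")
        # Report only the field name, never the secret value itself.
        fields = sorted({m.group(1) for m in SECRET_FIELD.finditer(text)})
        if fields:
            issues.append("plaintext secret fields: " + ", ".join(fields))
        if issues:
            findings[str(path.relative_to(root))] = issues
    return findings


def demo():
    """Audit a constructed directory; file names and the key are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp, "config.json")
        cfg.write_text('{"model": "local", "apiKey": "CONSTRUCTED-KEY-000000"}')
        cfg.chmod(0o644)
        notes = Path(tmp, "notes.txt")
        notes.write_text("meeting at 10\n")
        notes.chmod(0o600)
        return audit_agent_dir(tmp)


if __name__ == "__main__":
    for name, issues in demo().items():
        print(name, "->", "; ".join(issues))
```

Tightening file modes limits other local users only; malware running as the same user can still read the file, which is why the isolation advice above still applies.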
GDPR and UK Compliance Implications
For UK businesses, the compliance picture is challenging. OpenClaw processes data autonomously without generating comprehensive audit trails, making GDPR compliance difficult. Autonomous agents can ingest, transform, and transmit sensitive data as part of routine tasks – potentially amounting to unlawful processing under UK GDPR.
Subject access requests (SARs) and deletion requests become difficult to fulfil when an autonomous agent has processed data without logging what it accessed. If using cloud-based LLMs (Claude, GPT), business data is sent to US-based API providers, triggering international data transfer requirements. Self-hosting with local models keeps data on-premises but shifts all security responsibility to your business.
Should UK Businesses Use OpenClaw?
The honest answer for most UK businesses in March 2026: not yet for production use.
Safe to Explore
- Personal productivity experiments on a non-business machine with no access to client data
- Internal research and summarisation tasks using non-sensitive information
- Developer experimentation and prototyping in sandboxed environments
- Understanding how autonomous AI agents work before the technology matures
Too Risky Right Now
- Any workflow involving customer personal data (email, CRM, HR records)
- Financial data processing or transaction management
- Client communications or external-facing interactions
- Any use case where a security breach would trigger regulatory reporting obligations
The technology is genuinely impressive and the trajectory is clear – autonomous AI agents will become standard business tools. But OpenClaw’s security track record means UK businesses should wait for the enterprise-grade versions (NVIDIA’s NemoClaw, or managed offerings from major cloud providers) before deploying agents that touch real business data.
For businesses that want autonomous AI capabilities today with proper security and compliance, our guide to AI agents for UK businesses covers the safer alternatives including Zapier Agents, n8n AI workflows, and Microsoft Copilot Studio.










