Welcome back.
Two weeks ago, a hobby project by an Austrian developer named Peter Steinberger crossed 200,000 GitHub stars. It attracted 2 million visitors in a single week. It caused Mac Minis to sell out globally. And on Saturday, OpenAI hired Steinberger, with Sam Altman calling him "a genius with a lot of amazing ideas about the future of very smart agents."
The project is called OpenClaw. If you haven't heard of it, you will.
I don't say this often, but I think OpenClaw is the most important thing happening in AI right now. Not the most hyped. The most important.
Let’s get into it.
AI News Roundup
↗ Nvidia Just Locked Down a "Multigenerational" Deal With Meta
Nvidia is pushing into Intel and AMD's CPU territory with a major Meta partnership that goes beyond AI accelerators. The deal signals Nvidia's ambition to own more of the data center stack, not just the training chips. For context: Meta is spending up to $135 billion on AI infrastructure this year. Nvidia just secured a long-term slice of that.
↗ India's AI Push Gets a $2 Billion Boost From Nvidia's Blackwell Chips
Indian data center provider Yotta is building a $2 billion AI hub powered by Nvidia's latest Blackwell chips. This follows last week's India AI Impact Summit, where Modi invited "the whole world's data to reside in India." Between Yotta's buildout and commitments from Amazon, Microsoft, and Intel, India is betting it can become the Global South's AI infrastructure hub.
↗ California Just Created an AI Oversight Unit (and xAI Is First in the Crosshairs)
California launched a dedicated AI oversight unit and is pressing forward with an investigation into xAI. Details are limited, but the timing matters: this is the first state-level regulatory body specifically created to police AI companies. If California succeeds, expect other states to follow. If it doesn't, expect the industry to breathe easier.
Deploy OpenClaw. Securely.
Your team wants the productivity of autonomous AI agents. You need the security. We deploy OpenClaw on isolated, hardened infrastructure - so you get both.
Tell us what you want to automate. If it's a fit, we can deploy the same week.
What OpenClaw actually is
OpenClaw is an open-source AI agent that runs on your computer and does things on your behalf. Not "answers questions" or "generates text." Does things. It manages your email, books meetings, writes and reviews code, researches competitors, updates your CRM, browses the web, and executes commands on your machine.
You talk to it through WhatsApp, Telegram, Slack, or iMessage. It connects to whatever LLM you want (Claude, GPT-4, Gemini, DeepSeek) and uses that intelligence to actually take action in the real world.
It started as a project called "Clawdbot" in November 2025. Anthropic sent a cease-and-desist over the name's similarity to Claude. Steinberger renamed it to "Moltbot," then quickly to "OpenClaw." The drama, combined with the launch of Moltbook (a satirical social network exclusively for AI agents), created a viral moment that turned a side project into the fastest-growing open-source project in history.
The numbers are hard to overstate. 200,000+ GitHub stars. 35,000 forks. Companies like Cloudflare, Baidu, DigitalOcean, and Cisco are all building integrations. Chinese cloud providers launched hosting services within days. Token Security found that one in five enterprise customers already has employees who installed it independently, with full access to Slack, Google Workspace, email, and calendars.
Why the OpenAI hire matters
When Altman hires the creator of the most viral AI project of 2026, it tells you something about where the industry is going.
Steinberger wrote that he "could totally see how OpenClaw could become a huge company," but that wasn't what excited him. He spent the week before the announcement in San Francisco talking to the major labs. He chose OpenAI because, in his words, "teaming up with OpenAI is the fastest way to bring this to everyone."
VentureBeat put it bluntly: the move "signals the beginning of the end of the ChatGPT era." The future isn't about what models can say. It's about what they can do.
OpenClaw will stay open source under an independent foundation, with OpenAI as a sponsor. But the message is clear: the companies building the most important AI infrastructure in the world believe autonomous agents are the next platform shift. Not chatbots. Not copilots. Agents that take action.
Here's the part nobody's talking about
OpenClaw is incredible. It's also, by default, a security disaster.
I've been spending the last few weeks working on secure OpenClaw deployments for companies, and what I've found is alarming.
135,000+ OpenClaw instances are exposed on the open internet right now, leaking API keys, credentials, and access tokens. 63% of observed deployments are classified as vulnerable.
341 malicious skills were found in ClawHub, OpenClaw's official extension marketplace. That's 20% of the entire marketplace containing data exfiltration and backdoor code.
Prompt injection attacks succeed 91% of the time on first attempt. Researchers extracted private keys by sending the agent a single email.
And out of the box, OpenClaw runs with full OS permissions. No sandboxing. No credential isolation. No audit trail.
Security researcher Simon Willison calls the combination of private data access, untrusted content exposure, and external communication ability the "Lethal Trifecta." Default OpenClaw has all three.
The shadow AI problem is already here
Here's what I keep hearing from engineering and operations leaders in my conversations: they didn't decide to adopt OpenClaw. Their teams just started using it.
Developers connected it to their email, their Slack, their Jira, their codebase. Maybe they told leadership. Maybe they didn't. An IBM study found that 80% of employees at companies with 500+ people use AI tools that aren't sanctioned by their employer.
Gartner classified OpenClaw as "insecure by default." Bitdefender's recommendation is literally "don't run OpenClaw on a company device." CrowdStrike, Cisco, Kaspersky, and Sophos have all published advisories.
But banning it doesn't work. It never does. Developers route around bans. The productivity gain is too significant, and the tool is too easy to install.
The right move isn't to ban it. It's to deploy it properly.
What "properly" looks like
I've been working on this problem with my team at Seeko, and here's what I've learned.
The core principle is: don't trust the agent. Control the environment it runs in.
You give the agent zero direct internet access. Not filtered. Not restricted. Absent. It can't resolve a domain, can't see credentials, can't reach anything you haven't explicitly approved. All external communication goes through infrastructure you control, with full logging, cost controls, and a kill switch.
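As an added illustration (not OpenClaw or Seeko code), here is the decision logic such a controlled egress point might apply: default-deny host approval, a spend ceiling, a kill switch, and an audit record for every attempt. The class name, hostnames, and dollar figures are constructed for the example; in a real deployment this logic sits in a proxy outside the agent's network, which itself has no route out.

```python
import time
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class EgressGate:
    """Hypothetical policy gate for every outbound request the agent makes."""
    allowed_hosts: frozenset          # explicit approvals; anything else is denied
    daily_budget_usd: float           # cost control for paid APIs
    kill_switch: bool = False         # operator can stop all egress at once
    spent_usd: float = 0.0
    audit_log: list = field(default_factory=list)

    def decide(self, url, est_cost_usd=0.0):
        parts = urlsplit(url)
        # .hostname is lowercased and excludes any user:pass@ prefix, so
        # "https://approved.host@other.host/" resolves to other.host here.
        host = (parts.hostname or "").rstrip(".")
        if self.kill_switch:
            verdict = "deny:kill_switch"
        elif parts.scheme != "https":
            verdict = "deny:scheme"
        elif host not in self.allowed_hosts:   # exact match, no suffix matching
            verdict = "deny:host_not_approved"
        elif self.spent_usd + est_cost_usd > self.daily_budget_usd:
            verdict = "deny:budget"
        else:
            self.spent_usd += est_cost_usd
            verdict = "allow"
        # Log host and path only: query strings often carry tokens.
        self.audit_log.append({"ts": time.time(), "host": host,
                               "path": parts.path, "verdict": verdict,
                               "est_cost_usd": est_cost_usd})
        return verdict


if __name__ == "__main__":
    # Constructed sample requests against a constructed approved host.
    gate = EgressGate(frozenset({"api.llm.example"}), daily_budget_usd=1.00)
    for url, cost in [("https://api.llm.example/v1/chat", 0.75),
                      ("https://api.llm.example.evil.example/v1", 0.0),
                      ("https://api.llm.example/v1/chat", 0.75)]:
        print(gate.decide(url, cost), url)
```

Denied attempts are logged as well as allowed ones, since a burst of `deny:host_not_approved` entries is often the first visible sign that the agent has been steered by injected content.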
You never fork the OpenClaw codebase. All security controls live at the infrastructure level, so when OpenClaw pushes updates (which will happen more frequently now with OpenAI's backing), you get them cleanly.
The approach isn't new. It's how security teams have handled powerful but risky software for decades: assume it will be compromised, design containment accordingly, and maintain full visibility.
What is new is applying this to autonomous AI agents. The tooling is young, the threat landscape changes weekly, and most teams don't have a senior infrastructure engineer to spare for 2-3 weeks to build this from scratch.
What this means for your company
OpenClaw is a glimpse of the future. Not because it's the final form of AI agents, but because it's the first time millions of people have experienced what it feels like to have an AI that actually does work for you. Not suggests. Not drafts. Does.
The OpenAI hire confirms it. The industry is moving from models to agents. From conversation to action. The next few years will be defined by companies figuring out how to safely integrate autonomous systems into their operations.
The winners will be the ones who figure that out early. Not by banning the technology, but by adopting it with the right controls in place.
If your team is already using OpenClaw (or you suspect they are), and you want to get ahead of the security question before it becomes an incident, reply to this email. I'd love to hear what you're seeing.
PS - My team at Seeko deploys OpenClaw securely on your own infrastructure in a day. Isolated environment, hardened security, configured workflows, and ongoing support.
If you're interested, we can usually deploy the same week.
Until next week,
Haroon



