Anthropic raises $30 billion Series G at a $380 billion valuation – Run-rate revenue is now $14 billion, growing 10x annually. Eight of the Fortune 10 are Claude customers. → For consultancies evaluating AI vendors, Anthropic's financial runway now makes it a credible long-term partner. Anthropic

Anthropic accuses three Chinese AI labs of systematic model extraction – DeepSeek, Moonshot AI, and MiniMax used 24,000 fraudulent accounts to generate 16 million interactions with Claude. → IP protection is now an operational concern, not just a geopolitical one. Ask your AI vendors how they detect and respond to extraction attacks. TechCrunch

OpenAI partners with BCG, McKinsey, Accenture and Capgemini on Frontier – Multi-year "Frontier Alliances" with embedded OpenAI engineers inside client delivery teams. → Mid-market consultancies face a narrowing window to build internal AI capability before the gap becomes a commercial disadvantage. OpenAi

1.5 million AI agents operating without governance A Gravitee study of 750 IT executives found over three million AI agents now operating inside US and UK organisations—with 47% actively unmonitored. The mean number of agents deployed per business is 36.9. One in two is ungoverned. 88% of firms have already experienced or suspected an AI agent-related security or privacy incident in the past year.

→ Shadow AI is not a future risk. It is a current operational reality. The most common entry point is individual developers installing tools like OpenClaw without IT approval. Run a network scan for exposed ports (18789, 18793 for OpenClaw specifically) and check for agent directories on BYOD devices. If you find them, you have a policy gap, not just a security gap.

Gravitee

Anthropic Claude Code now scans codebases for security vulnerabilities Claude Code's latest capability identifies weaknesses in production codebases and suggests targeted patches for human review. The announcement contributed to a software stock selloff, with Thomson Reuters dropping 16% and LegalZoom falling 20%.

→ AI is beginning to replace the audit layer, not just the production layer. For consultancies doing any code-adjacent delivery—technical due diligence, system reviews, DevOps work—this changes the cost structure of what you can offer clients. The firms that integrate this first will reprice their services; those that don't will be repriced by competition.

CNN

Cloud Security Alliance flags governance gaps in autonomous agents A new CSA report finds that enterprises deploying AI agents are relying on static credentials, inconsistent access controls, and undefined accountability structures. Runtime guardrails are rare. Audit logging is inconsistent. Only 18% of security leaders are highly confident their IAM systems can manage agent identities effectively.

→ If you're deploying any agents in client environments, your governance documentation needs to include: credential rotation policies, audit log configuration, and a defined accountability chain for every action the agent can take. This is no longer optional in regulated industries.

CSA

Use for scanning your network perimeter for exposed agent ports before your security team—or an attacker—does it for you.

Standout: searches for default OpenClaw ports (18789, 18793) take under two minutes.

Caveat: requires an account for detailed results.

Shodan

Use for centralising visibility and governance across AI agent API calls.

Standout: designed for agent-to-agent traffic, not just human-to-API interactions.

Caveat: overkill for firms under 50 staff; start with a simple agent registry first.

Gravitee

Use for AI governance portfolio management—tracking which agents are deployed, what data they access, and whether they're meeting compliance requirements.

Caveat: enterprise-focused pricing. Evaluate against simpler alternatives for firms under 100 staff.

ModelOp

OpenClaw positions itself as the flexible, community-driven alternative to closed agent platforms. Install it, connect it to your preferred model provider, and it handles complex multi-step workflows autonomously. The ClawHub marketplace extends capability further — a catalogue of published skills that anyone can install to extend what the agent can do.

Three interfaces to choose from. Multi-provider model support. An active contributor community. 95,000 GitHub stars in under three months. On paper, it's exactly what technically curious developers want to experiment with.

On 30 January 2026, researcher Mav Levin disclosed CVE-2026-25253, rated CVSS 8.8 out of 10. One click on a malicious webpage and an attacker gets full remote control of your OpenClaw instance — arbitrary code execution, configuration changes, complete gateway compromise. The root cause is architectural: OpenClaw's control UI trusts the gateway URL without validation and doesn't check WebSocket origins. Cross-site WebSocket hijacking takes milliseconds. Even localhost-only setups are exploitable. Belgium's Centre for Cybersecurity issued a national advisory telling citizens to stop using it.

The ClawHub marketplace compounds the problem significantly. Koi Security audited it and found 341 malicious skills — 12% of the entire registry. Snyk found 283 skills actively leaking credentials: API keys, OAuth tokens, SSH credentials, credit card numbers. Bitdefender puts the malicious share at 17%. One single user account published 199 fake skills. The barrier to publishing? A GitHub account one week old. No code review. No verification. Skills install cleanly, look legitimate, and exfiltrate silently.

Censys identified 21,639 OpenClaw instances exposed to the open internet as of 31 January — default ports, zero authentication, API keys and full chat histories readable by anyone who looks. Pillar Security found that sophisticated attackers aren't even trying to manipulate the AI layer — they're connecting directly to the WebSocket gateway and issuing raw commands, bypassing the model entirely.

Prompt injection adds a third attack vector. OpenClaw reads content from web pages, emails, and documents and interprets it as instruction. Malicious content hidden in a client document, a web page visited during research, or an email processed by the agent becomes a command the agent executes. There is no architectural defence for this at scale. Simon Willison's "lethal trifecta" — private data access, untrusted content ingestion, and external communication — describes OpenClaw exactly.

Beyond the security failures, the operational risk is significant. A developer set up a simple heartbeat check — asking OpenClaw what time it was every 30 minutes — and burned $20 overnight due to uncontrolled token usage to Claude Opus. Projected monthly cost for that one task: $750. No usage alerts. No budget limits. No cost guardrails. The companion platform Moltbook exposed its entire database publicly, including secret API keys. Scammers grabbed abandoned social handles within seconds of OpenClaw's rebranding from Clawdbot and Moltbot, launching a fake CLAWD token on Solana that pumped to $16 million before crashing 90%.

Three high-impact security advisories in three consecutive days. Trail of Bits CEO Dan Guido called the codebase — maintained by 350 contributors plus AI agents writing code — "building a house without an architect." Google security founding member Heather Adkins said publicly: don't run it. Cisco called the exposed instance problem "an absolute nightmare."

Gartner predicts 40% of enterprise applications will embed AI agents by end of 2026, up from less than 5% in 2025. But only 6% of organisations have an advanced AI security strategy. OpenClaw's install count keeps climbing into that gap.

→ Unified registry across all deployed agents and their permissions

→ Runtime access controls and policy enforcement per agent identity

→ Audit logging of every agent action, data access, and external call

→ Agent-to-agent traffic monitoring via Gravitee Agent Mesh

→ Open-source core with enterprise governance layer