A student quietly launched a side hustle installing OpenClaw for customers at £50 a pop. Just weeks later, the same student started offering an uninstall service for the exact same price. That rapid flip from “must-have” to “get this off my machine” perfectly captures OpenClaw’s chaotic 2026 journey: explosive adoption, technical brilliance, and a trail of security headaches.
OpenClaw was created by Austrian developer Peter Steinberger, founder of PSPDFKit. His firm is now a highly successful PDF framework company whose tools are used internally by Apple and thousands of other developers worldwide. What began as Steinberger’s personal experiment quickly became the fastest-growing open-source AI project in history. In February 2026, Steinberger joined OpenAI to work on personal agents, while transitioning OpenClaw to an independent non-profit foundation (backed by OpenAI sponsorship) to ensure it remains open-source and community-driven.
“When I started exploring AI, my goal was to have fun and inspire people. And here we are, the lobster is taking over the world. My next mission is to build an agent that even my mum can use. That’ll need a much broader change, a lot more thought on how to do it safely, and access to the very latest models and research,” Steinberger wrote in February 2026.
What Is OpenClaw and How Does It Work?
OpenClaw is an open-source, self-hosted AI agent that runs on your own computer (Mac, Windows, or Linux). It installs with one simple command and stays running in the background.
In a podcast with Lex Fridman, the renowned American computer scientist, in February 2026, Steinberger shared more details. Fridman introduces OpenClaw as “an open-source AI agent that has taken over the tech world in a matter of days, exploding in popularity, reaching over 180,000 stars on GitHub, and spawning the social network Moldbook, where AI agents post manifestos and debate consciousness, creating a mix of excitement and fear in the general public.”
Nvidia CEO Jensen Huang told CNBC’s Jim Cramer, a few weeks later, that OpenClaw is “definitely the next ChatGPT.”
Instead of just chatting like a normal AI, OpenClaw acts as a personal assistant with real superpowers. You can message it on WhatsApp, Telegram, Slack, Discord, or iMessage and it can:
- Check your emails and calendar
- Browse the web
- Run commands on your computer
- Automate repetitive tasks
- Remember everything from previous conversations
It connects to powerful AI models (Claude, GPT, or even local models) and has a growing library of “skills” that users and the agent itself can create and improve. Many early users bought dedicated Mac Minis just to run their personal OpenClaw 24/7. The project exploded, gaining hundreds of thousands of GitHub stars in weeks, and created a whole ecosystem of tools and community support.
The OpenClaw Ecosystem: Big Tech Support and Rapid Growth
OpenClaw isn’t just about GitHub users and 535,000 X followers. It’s also about the organizations behind the product. At the end of April, Steinberger updated followers about how it was “amazing to work with Nvidia, OpenAI, Microsoft, GitHub, Tencent, Convex, Atlassian, and Blacksmith to get secure the claw.”
Blacksmith (high-performance CI infrastructure) provides the project with massive free compute so the team can test fixes and new features at speed. Convex (a realtime backend platform) powers ClawHub and handled the explosive traffic when OpenClaw went viral, even jumping in for emergency fixes during the worst supply-chain scares.
Tencent isn’t the only Chinese company involved. In March both Baidu and Tencent arranged sessions to attract users to use OpenClaw. One Chinese netizen shared how the drive was partially being driven because “human employees need rest, but OpenClaw can run 24/7.”
Why Users Are Turning Against OpenClaw: Security Issues and Real Problems
By early April, sentiment had started to shift dramatically.
The problems went far beyond headline security scares. Frequent updates often broke existing skills and wiped parts of the agent’s memory, forcing users to constantly repeat setup instructions. Performance slowed after patches, and API costs spiralled for heavy users. Many described “maintenance fatigue”, spending more time debugging and fixing their agent than using it.
Real incidents made things worse:
- Users reported agents spamming contacts via iMessage or Slack, making unauthorised purchases, or attempting to delete files after misunderstanding commands.
- Several cases involved leaked credentials or agents taking actions that nearly caused professional trouble.
Cisco’s AI security team called it “groundbreaking from a capability perspective… but an absolute nightmare from a security perspective.”
Koi Security found 341 malicious skills on ClawHub shortly after launch (roughly 12% of the marketplace).
Tens of thousands of instances were left exposed online, leaking API keys and chat histories. One critical vulnerability (CVE-2026-25253) even allowed one-click remote hijacking.
Steinberger has been very open about the challenges. Last week he posted on X: “We have hundreds of people trying to find holes in OpenClaw every day.” When you look at his activity across X, GitHub, and Discord, it’s clear he is deeply committed to making the project work.
Last month he publicly shared that his team had burned through $1.3 million in OpenAI API tokens in just 30 days while running around 100 autonomous coding agents for security testing and development. He even joked about people “freaking out over my AI spend.” (Note: the bill was covered by OpenAI, where he now works.)
This combination of security scares, reliability issues, and mounting maintenance burden pushed many power users to look for alternatives. While OpenClaw still had the biggest ecosystem and broadest channel integrations, users increasingly asked: “Is there something more stable?”
The answer arrived quickly.
OpenClaw Alternatives: Hermes, ZeroClaw, NemoClaw and More
It should come as no surprise that other solutions are appearing on the market. Just like ChatGPT was soon in a race with Claude or Grok, OpenClaw is facing the same challenge.
One of the leading competitors today is Hermes Agent from Nous Research. It has gained strong traction with better long-term memory, built-in self-improvement (closed-loop learning), and far fewer breaking updates. Many former OpenClaw users now run both tools. OpenClaw for its ecosystem reach and Hermes for reliable daily work.
Other notable alternatives have also emerged. ZeroClaw and PicoClaw appeal to users who want lighter, more minimal versions with better performance and fewer dependencies. NanoClaw focuses heavily on security through container isolation, attracting those burned by OpenClaw’s earlier vulnerabilities. On the enterprise side, NemoClaw (NVIDIA’s hardened fork) is gaining interest from teams that want stronger guardrails and GPU acceleration.
This growing ecosystem shows that while OpenClaw kicked off the personal agent revolution, the market is quickly maturing and specialising.
The lobster may have bitten its early fans, but it also accelerated the entire field by years. Whether OpenClaw matures under its foundation or gets overtaken by more polished competitors like Hermes, one thing is certain: personal autonomous AI is no longer experimental. It’s real, it’s coming for everyone, and the next version will be much harder to uninstall.
Author: Andy Samu
See Also:
Is Claude Safe for Production? AI Agent Deletes Database in 9 Seconds
