# OpenClaw: Weekend Project to OpenAI Acquihire in 90 Days

**Plutonous** | February 17, 2026 | 14 min read



Tags: OpenClaw, OpenAI, AI Agents, Peter Steinberger, Acqui-Hire, Open Source, AI Security

---

**TL;DR:** OpenClaw, the open-source AI agent that lets you run autonomous tasks through WhatsApp, Telegram, and Slack, went from zero to 190,000+ GitHub stars in under 90 days, making it the 21st most-starred repo in GitHub history<sup><a href="#source-1">[1]</a></sup>. Creator Peter Steinberger turned down a mid-nine-figure offer from Meta and chose OpenAI, where he'll join the ChatGPT division while OpenClaw moves to an independent foundation<sup><a href="#source-2">[2]</a></sup>. Sam Altman called him "a genius with a lot of amazing ideas about the future"<sup><a href="#source-3">[3]</a></sup>. But security researchers found 512 vulnerabilities, 8 of them critical, including a CVSS 8.8 remote code execution flaw that exposed plaintext API keys and full system access on nearly 1,000 unprotected installations<sup><a href="#source-4">[4]</a></sup>.

The real story of OpenClaw isn't the GitHub stars, and it isn't the acqui-hire. It's what this project reveals about where the AI industry is actually heading: the battle for the agent layer. Not who builds the smartest model, but who controls the software that sits between the model and the real world, the thing that books your flights, manages your email, and runs your shell commands.

OpenAI didn't hire Peter Steinberger because OpenClaw is technologically groundbreaking. Some AI researchers have publicly questioned whether it is<sup><a href="#source-5">[5]</a></sup>. They hired him because OpenClaw proved, with 1.5 million AI agents created by real users, that autonomous personal agents aren't a research concept anymore. They're a product category. And OpenAI wants to own it.

> **Why This Matters Now**
>
> On February 14, 2026, Steinberger announced he's joining OpenAI. Sam Altman confirmed it the next day, stating that OpenClaw will "live in a foundation" and "we expect this will quickly become core to our product offerings"[2]. This is OpenAI's clearest signal yet that the next phase of AI competition isn't about model intelligence. It's about agent infrastructure: who builds the system that turns intelligence into action. Meta wanted the same thing and was willing to pay hundreds of millions for it[6].


## From Weekend Hack to 190,000 Stars: The Fastest Rise in Open-Source History

The timeline of OpenClaw's growth is genuinely without precedent. React took four years to reach 100,000 GitHub stars. TensorFlow took three. OpenClaw crossed that threshold in under eight weeks<sup><a href="#source-1">[1]</a></sup>.

- **190K+**: GitHub Stars
- **22K+**: GitHub Forks
- **416K+**: npm Downloads (30d)
- **1.5M**: AI Agents Created
- **2M+**: Website Visits (1 week)
- **9,000**: Stars in First 24 Hours


What makes this growth structurally different from typical open-source virality is that OpenClaw isn't a developer tool. It's a consumer product that happens to be open-source. The 1.5 million AI agents weren't created by engineers experimenting with a new framework. They were created by people who wanted an AI to manage their calendars, send WhatsApp messages, and browse the web on their behalf. Steinberger's stated mission is to "build an agent that even my mum can use"<sup><a href="#source-2">[2]</a></sup>. That consumer accessibility is precisely what makes it valuable to OpenAI.

**8 weeks** — Time to reach 100,000 GitHub stars


## The Triple Rebrand: Clawd, Moltbot, OpenClaw

The naming saga is worth understanding because it illustrates the gravitational pull that the major AI labs exert on the entire ecosystem. Steinberger originally named the project Clawdbot in November 2025, a deliberate play on Anthropic's Claude with a lobster theme<sup><a href="#source-7">[7]</a></sup>.


The irony is thick. Anthropic's trademark enforcement on the name "Clawd" may have inadvertently pushed the project toward a rebrand that made it sound more like a serious platform ("OpenClaw") rather than a cute bot, and that professional positioning is arguably what attracted Meta and OpenAI's attention at the scale it did.

## The Architecture: Why OpenClaw Actually Works

Here's what's often overlooked in the hype cycle: OpenClaw's architecture makes several genuinely smart technical decisions that explain its adoption, even if the underlying techniques aren't novel.


The Semantic Snapshots approach for web browsing deserves special attention. Instead of relying on screenshots (expensive in tokens, slow to process, and brittle), OpenClaw parses accessibility trees to understand web page structure<sup><a href="#source-7">[7]</a></sup>. This reduces token costs significantly and increases accuracy for navigation tasks. It's the kind of practical engineering decision that separates tools people actually use from tools that demo well.


He is a genius with a lot of amazing ideas about the future.


The LLM-agnostic design is strategically critical. OpenClaw works with Claude, DeepSeek, OpenAI models, and others. This means that even as Steinberger joins OpenAI, the framework itself isn't locked to GPT. Whether OpenAI will maintain that neutrality once OpenClaw becomes "core to our product offerings" is the question every current OpenClaw user should be asking.

## The Acqui-Hire: Why OpenAI Won and Meta Lost

Let's be clear about what happened here. Both Meta and OpenAI made acquisition offers. Meta reportedly floated a mid-nine-figure cash-and-stock package, potentially in the hundreds of millions<sup><a href="#source-6">[6]</a></sup>. Steinberger's non-negotiable condition was that OpenClaw remain open-source. OpenAI agreed. Meta, presumably, either didn't or couldn't match the structural arrangement.


The financial dynamics are remarkable. OpenClaw had no venture funding. Steinberger built it as a solo weekend project, self-funded from the proceeds of his previous exit (PSPDFKit sold to Insight Partners for over $100M)<sup><a href="#source-8">[8]</a></sup>. The project had approximately $20,000 in running losses. And it attracted offers valued in the hundreds of millions to billions<sup><a href="#source-9">[9]</a></sup>.

**~$20K** — OpenClaw's total running losses before billion-dollar bids


Steinberger's stated reasoning is worth taking at face value: "What I want is to change the world, not build a large company, and teaming up with OpenAI is the fastest way to bring this to everyone"<sup><a href="#source-2">[2]</a></sup>. For OpenAI, the strategic logic is equally clear. The company that controls the agent layer, the software that translates model intelligence into real-world action, controls the most valuable piece of the AI stack.

## The Security Problem: 512 Vulnerabilities and Counting

Here's the uncomfortable truth that the acqui-hire celebration is overshadowing. OpenClaw has a security problem that ranges from concerning to disqualifying, depending on how it's deployed.

- **512**: Total Vulnerabilities
- **8**: Critical Flaws
- **8.8**: CVE-2026-25253 CVSS
- **~1,000**: Exposed Installations
- **API Keys**: Data Exposed
- **Months**: Chat Histories


The CVE-2026-25253 vulnerability is particularly alarming. OpenClaw's Control UI automatically trusts a `gatewayURL` query parameter and establishes a WebSocket connection including the user's auth token without verifying the origin<sup><a href="#source-10">[10]</a></sup>. An attacker can craft a single malicious link that, when clicked, gives them full control of the victim's OpenClaw installation.

Researchers demonstrated extracting plaintext API keys (including Anthropic API keys), Telegram bot tokens, Slack credentials, months of chat histories, and full system administrator privileges from exposed installations<sup><a href="#source-4">[4]</a></sup>.

> **The Fundamental Security Paradox**
>
> OpenClaw's core value proposition, an AI agent that autonomously browses the web, reads your email, and executes shell commands, is inherently at odds with security best practices. The agent must process untrusted content (web pages, emails, messages) to do its job. But processing untrusted content is exactly how prompt injection attacks work. This isn't a bug to be fixed. It's a fundamental architectural tension that every AI agent framework must navigate, and one that OpenAI now owns[4].


## The Strategic Play: OpenAI's Agent Layer Ambitions

The acqui-hire of Steinberger fits into a broader OpenAI strategy that's been building since late 2025. The company has been steadily expanding from "best model" to "best platform," and the agent layer is the next logical frontier.


What's often overlooked is why this matters more than model improvements. A 2% improvement in benchmark performance changes nothing about how enterprises use AI. An agent that can reliably book flights, manage email, and execute multi-step workflows across platforms changes everything. The agent layer is where model intelligence becomes economic value, and OpenClaw proved that 1.5 million people are ready for it right now.

The competitive implications are significant. Google has been building agent frameworks into Gemini. Anthropic has Claude Code and Model Context Protocol. Meta has been investing heavily in open-source AI tools. By acquiring the team behind the most popular open-source agent framework, OpenAI is making a preemptive move to define the category before competitors can.

## Peter Steinberger: The Builder Behind the Bot

Understanding Steinberger is essential to understanding why OpenClaw succeeded where dozens of similar projects didn't. He's not an AI researcher. He's a product builder who stumbled into the AI agent space and brought consumer product instincts to a field dominated by research lab thinking.

His previous company, PSPDFKit, is instructive. He bootstrapped a PDF SDK into a B2B product used by Apple, Disney, and Dropbox, then sold it to Insight Partners for over $100M<sup><a href="#source-8">[8]</a></sup>. After the sale, he went through what he describes as a period of soul-searching, including travel, therapy, and ayahuasca. He rediscovered his passion by diving into AI in 2024.

The OpenClaw prototype was built in approximately one hour as a weekend project<sup><a href="#source-7">[7]</a></sup>. What turned a weekend hack into a phenomenon wasn't technical sophistication. It was the insight that the best interface for an AI agent isn't a custom app or a command line. It's the messaging platforms people already use every day. That's a product insight, not a technical one.


The uncomfortable truth is that OpenClaw's success has less to do with AI innovation and more to do with distribution and product instincts. Some AI researchers have publicly questioned whether the project represents genuine technical advancement<sup><a href="#source-5">[5]</a></sup>. That criticism misses the point. The battle for the agent layer won't be won by the most sophisticated architecture. It will be won by the framework that the most people actually use. And right now, that's OpenClaw by a massive margin.

> **The Bottom Line**
>
> OpenClaw's journey from weekend project to OpenAI acqui-hire in 90 days is the clearest signal yet that the AI industry's center of gravity is shifting from models to agents. OpenAI didn't pay for OpenClaw's technology. They paid for its distribution, its community, and the proof that 1.5 million people want an AI agent that does real things in the real world. The question now is whether OpenAI can solve the security problems that come with autonomous agents before a high-profile breach turns public enthusiasm into public fear.


*Last updated: February 17, 2026*

---

*Source: [LLM Rumors](https://www.llmrumors.com/news/openclaw-openai-acquihire-agent-race)*