TL;DR: OpenClaw, the open-source AI agent that lets you run autonomous tasks through WhatsApp, Telegram, and Slack, went from zero to 190,000+ GitHub stars in under 90 days, making it the 21st most-starred repo in GitHub history[1]. Creator Peter Steinberger turned down a mid-nine-figure offer from Meta and chose OpenAI, where he'll join the ChatGPT division while OpenClaw moves to an independent foundation[2]. Sam Altman called him "a genius with a lot of amazing ideas about the future"[3]. But security researchers found 512 vulnerabilities, 8 of them critical, including a CVSS 8.8 remote code execution flaw that exposed plaintext API keys and full system access on nearly 1,000 unprotected installations[4].
The real story of OpenClaw isn't the GitHub stars, and it isn't the acqui-hire. It's what this project reveals about where the AI industry is actually heading: the battle for the agent layer. Not who builds the smartest model, but who controls the software that sits between the model and the real world, the thing that books your flights, manages your email, and runs your shell commands.
OpenAI didn't hire Peter Steinberger because OpenClaw is technologically groundbreaking. Some AI researchers have publicly questioned whether it is[5]. They hired him because OpenClaw proved, with 1.5 million AI agents created by real users, that autonomous personal agents aren't a research concept anymore. They're a product category. And OpenAI wants to own it.
Why This Matters Now
On February 14, 2026, Steinberger announced he's joining OpenAI. Sam Altman confirmed it the next day, stating that OpenClaw will "live in a foundation" and "we expect this will quickly become core to our product offerings"[2]. This is OpenAI's clearest signal yet that the next phase of AI competition isn't about model intelligence. It's about agent infrastructure: who builds the system that turns intelligence into action. Meta wanted the same thing and was willing to pay hundreds of millions for it[6].
From Weekend Hack to 190,000 Stars: The Fastest Rise in Open-Source History
The timeline of OpenClaw's growth is genuinely without precedent. React took four years to reach 100,000 GitHub stars. TensorFlow took three. OpenClaw crossed that threshold in under eight weeks[1].
By The Numbers
21st most-starred repo in GitHub history
Active contributor ecosystem
30-day download volume
By real users on the platform
Week after January 30 rebrand
Day one viral moment
What makes this growth structurally different from typical open-source virality is that OpenClaw isn't a developer tool. It's a consumer product that happens to be open-source. The 1.5 million AI agents weren't created by engineers experimenting with a new framework. They were created by people who wanted an AI to manage their calendars, send WhatsApp messages, and browse the web on their behalf. Steinberger's stated mission is to "build an agent that even my mum can use"[2]. That consumer accessibility is precisely what makes it valuable to OpenAI.
The Triple Rebrand: Clawd, Moltbot, OpenClaw
The naming saga is worth understanding because it illustrates the gravitational pull that the major AI labs exert on the entire ecosystem. Steinberger originally named the project Clawdbot in November 2025, a deliberate play on Anthropic's Claude with a lobster theme[7].
The OpenClaw Timeline
Key milestones in development
| Date | Milestone | Significance |
|---|---|---|
| Nov 2025 | Clawdbot Prototype | Steinberger builds first prototype in approximately one hour as a weekend project |
| Jan 27, 2026 | Renamed to Moltbot | Anthropic raises trademark concerns over phonetic similarity between 'Clawd' and 'Claude' |
| Jan 29, 2026 | Renamed to OpenClaw | Final rebrand. 'Moltbot never quite rolled off the tongue.' Open-source ethos emphasized |
| Jan 30, 2026 | 106K+ GitHub Stars | Hits 106,000+ stars within 48 hours of rebrand. 9,000 stars in first 24 hours |
| Feb 2, 2026 | 135K Stars, 200K npm | Crosses 135,000 GitHub stars and 200,000 npm downloads in under a week |
| Feb 7-12 | Acquisition Offers | Reports of offers from Meta (mid-nine figures) and OpenAI surface publicly |
| Feb 14, 2026 | Joins OpenAI | Steinberger announces joining OpenAI. OpenClaw to move to independent foundation |
| Feb 15, 2026 | Altman Confirms | Sam Altman confirms on X: 'a genius with a lot of amazing ideas about the future' |
The irony is thick. Anthropic's trademark enforcement on the name "Clawd" may have inadvertently pushed the project toward a rebrand that made it sound more like a serious platform ("OpenClaw") rather than a cute bot, and that professional positioning is arguably what attracted Meta and OpenAI's attention at the scale it did.
The Architecture: Why OpenClaw Actually Works
Here's what's often overlooked in the hype cycle: OpenClaw's architecture makes several genuinely smart technical decisions that explain its adoption, even if the underlying techniques aren't novel.
OpenClaw Technical Architecture
Gateway + Lane Queue
A single process holds all channel connections and the control plane. The Lane Queue defaults to serial execution to prevent race conditions, solving a core problem in autonomous agent systems.
Messaging-First Interface
Uses WhatsApp, Telegram, Discord, Slack, Signal, and Teams as the primary UI. No custom app to install. The agent lives where the user already communicates.
Local-First Memory
All memory stored as Markdown files on the user's machine. No cloud dependency for state. The user owns their data completely.
Heartbeat Daemon
A scheduled daemon that acts without user prompting, enabling truly autonomous workflows like monitoring, scheduled tasks, and proactive notifications.
The Semantic Snapshots approach for web browsing deserves special attention. Instead of relying on screenshots (expensive in tokens, slow to process, and brittle), OpenClaw parses accessibility trees to understand web page structure[7]. This reduces token costs significantly and increases accuracy for navigation tasks. It's the kind of practical engineering decision that separates tools people actually use from tools that demo well.
The LLM-agnostic design is strategically critical. OpenClaw works with Claude, DeepSeek, OpenAI models, and others. This means that even as Steinberger joins OpenAI, the framework itself isn't locked to GPT. Whether OpenAI will maintain that neutrality once OpenClaw becomes "core to our product offerings" is the question every current OpenClaw user should be asking.
The Acqui-Hire: Why OpenAI Won and Meta Lost
Let's be clear about what happened here. Both Meta and OpenAI made acquisition offers. Meta reportedly floated a mid-nine-figure cash-and-stock package, potentially in the hundreds of millions[6]. Steinberger's non-negotiable condition was that OpenClaw remain open-source. OpenAI agreed. Meta, presumably, either didn't or couldn't match the structural arrangement.
| Feature | OpenAI Offer | Meta Offer |
|---|---|---|
| Structure | Acqui-hire + Foundation | Traditional acquisition |
| Open-Source Commitment | Yes, independent foundation | Unclear / not committed |
| Financial Terms | Undisclosed | Mid-nine figures (reported) |
| Integration | ChatGPT division | Unknown |
| Steinberger's Choice | Accepted | Declined |
The financial dynamics are remarkable. OpenClaw had no venture funding. Steinberger built it as a solo weekend project, self-funded from the proceeds of his previous exit (PSPDFKit sold to Insight Partners for over $100M)[8]. The project had approximately $20,000 in running losses. And it attracted offers valued in the hundreds of millions to billions[9].
Steinberger's stated reasoning is worth taking at face value: "What I want is to change the world, not build a large company, and teaming up with OpenAI is the fastest way to bring this to everyone"[2]. For OpenAI, the strategic logic is equally clear. The company that controls the agent layer, the software that translates model intelligence into real-world action, controls the most valuable piece of the AI stack.
The Security Problem: 512 Vulnerabilities and Counting
Here's the uncomfortable truth that the acqui-hire celebration is overshadowing. OpenClaw has a security problem that ranges from concerning to disqualifying, depending on how it's deployed.
By The Numbers
Found in security audit
Classified as critical severity
Remote code execution via crafted link
Running without authentication
Plaintext Anthropic/Telegram tokens found
Full conversation logs accessible
The CVE-2026-25253 vulnerability is particularly alarming. OpenClaw's Control UI automatically trusts a gatewayURL query parameter and establishes a WebSocket connection including the user's auth token without verifying the origin[10]. An attacker can craft a single malicious link that, when clicked, gives them full control of the victim's OpenClaw installation.
Researchers demonstrated extracting plaintext API keys (including Anthropic API keys), Telegram bot tokens, Slack credentials, months of chat histories, and full system administrator privileges from exposed installations[4].
The Fundamental Security Paradox
OpenClaw's core value proposition, an AI agent that autonomously browses the web, reads your email, and executes shell commands, is inherently at odds with security best practices. The agent must process untrusted content (web pages, emails, messages) to do its job. But processing untrusted content is exactly how prompt injection attacks work. This isn't a bug to be fixed. It's a fundamental architectural tension that every AI agent framework must navigate, and one that OpenAI now owns[4].
The Strategic Play: OpenAI's Agent Layer Ambitions
The acqui-hire of Steinberger fits into a broader OpenAI strategy that's been building since late 2025. The company has been steadily expanding from "best model" to "best platform," and the agent layer is the next logical frontier.
The AI Agent Stack OpenAI Is Building
Foundation Models
GPT-5, GPT-5.2, o3: the intelligence layer that understands and reasons
Agent Infrastructure
OpenClaw integration: the layer that translates intelligence into autonomous action
User Interfaces
ChatGPT, API, messaging platforms: where users interact with and direct agents
Memory & State
Local-first memory, workspace context, persistent agent identity across sessions
What's often overlooked is why this matters more than model improvements. A 2% improvement in benchmark performance changes nothing about how enterprises use AI. An agent that can reliably book flights, manage email, and execute multi-step workflows across platforms changes everything. The agent layer is where model intelligence becomes economic value, and OpenClaw proved that 1.5 million people are ready for it right now.
The competitive implications are significant. Google has been building agent frameworks into Gemini. Anthropic has Claude Code and Model Context Protocol. Meta has been investing heavily in open-source AI tools. By acquiring the team behind the most popular open-source agent framework, OpenAI is making a preemptive move to define the category before competitors can.
Peter Steinberger: The Builder Behind the Bot
Understanding Steinberger is essential to understanding why OpenClaw succeeded where dozens of similar projects didn't. He's not an AI researcher. He's a product builder who stumbled into the AI agent space and brought consumer product instincts to a field dominated by research lab thinking.
His previous company, PSPDFKit, is instructive. He bootstrapped a PDF SDK into a B2B product used by Apple, Disney, and Dropbox, then sold it to Insight Partners for over $100M[8]. After the sale, he went through what he describes as a period of soul-searching, including travel, therapy, and ayahuasca. He rediscovered his passion by diving into AI in 2024.
The OpenClaw prototype was built in approximately one hour as a weekend project[7]. What turned a weekend hack into a phenomenon wasn't technical sophistication. It was the insight that the best interface for an AI agent isn't a custom app or a command line. It's the messaging platforms people already use every day. That's a product insight, not a technical one.
What OpenClaw's Rise Tells Us About AI Agents
The agent layer is now a product category, not a research concept
1.5 million AI agents created by real users proves that autonomous personal agents have crossed from research demo to genuine consumer demand. Every major AI company will need an agent strategy.
Open-source agents will coexist with proprietary ones
Steinberger's non-negotiable demand that OpenClaw remain open-source, and OpenAI's agreement to it, signals that the agent layer will be a hybrid ecosystem. Proprietary models powering open-source agent frameworks.
Security is the unsolved problem that could derail everything
512 vulnerabilities in the most popular agent framework means the entire AI agent category has a security credibility problem. Enterprise adoption will be gated by security improvements.
Consumer distribution beats technical sophistication
OpenClaw's messaging-first approach (WhatsApp, Telegram, Slack) drove adoption faster than any technically superior but interface-poor alternative. The best agent is the one people actually use.
The acqui-hire model is the new AI talent acquisition playbook
Build a viral open-source project, attract hundreds of millions in offers, join the highest-bidder while keeping the project open. Steinberger's path from weekend hack to OpenAI is now a template.
The uncomfortable truth is that OpenClaw's success has less to do with AI innovation and more to do with distribution and product instincts. Some AI researchers have publicly questioned whether the project represents genuine technical advancement[5]. That criticism misses the point. The battle for the agent layer won't be won by the most sophisticated architecture. It will be won by the framework that the most people actually use. And right now, that's OpenClaw by a massive margin.
The Bottom Line
OpenClaw's journey from weekend project to OpenAI acqui-hire in 90 days is the clearest signal yet that the AI industry's center of gravity is shifting from models to agents. OpenAI didn't pay for OpenClaw's technology. They paid for its distribution, its community, and the proof that 1.5 million people want an AI agent that does real things in the real world. The question now is whether OpenAI can solve the security problems that come with autonomous agents before a high-profile breach turns public enthusiasm into public fear.
Sources & References
Key sources and references used in this article
| # | Source | Outlet | Date | Key Takeaway |
|---|---|---|---|---|
| 1 | OpenClaw GitHub Repository | |||
| 2 | Peter Steinberger: OpenClaw, OpenAI and the Future | |||
| 3 | TechRadar: Sam Altman says OpenClaw founder is 'a genius' | |||
| 4 | Cisco Blog: Personal AI Agents like OpenClaw Are a Security Nightmare | |||
| 5 | TechCrunch: Some AI experts don't think OpenClaw is all that exciting | |||
| 6 | Decrypt: OpenClaw Creator Gets Big Offers | |||
| 7 | DigitalOcean: What is OpenClaw? | |||
| 8 | CNBC: OpenClaw creator Peter Steinberger joining OpenAI | |||
| 9 | ainvest: OpenClaw acquisition offers expectation gap | |||
| 10 | The Hacker News: OpenClaw Bug Enables One-Click RCE | |||
| 11 | SiliconANGLE: OpenAI hires OpenClaw founder in push toward autonomous agents | |||
| 12 | Computerworld: OpenAI hires OpenClaw founder as AI agent race intensifies |
Last updated: February 17, 2026
