In late January 2026, a small, self-hosted AI assistant built by a burned-out Austrian entrepreneur became the fastest-growing open-source project in GitHub history. Within days it had more Google searches than Claude Code or Codex combined. Within weeks it had 196,000 GitHub stars, a security crisis, a naming saga involving Anthropic’s lawyers and Solana scammers, and a bidding war among three of the world’s largest technology companies for the man who built it. The project was OpenClaw โ though by the time most people heard that name, it had already been called two other things.
OpenClaw is a free, open-source personal AI agent that runs on your own hardware and connects to messaging apps you already use โ WhatsApp, Telegram, Discord, Slack, Signal, iMessage, and more. Unlike ChatGPT or Claude, it doesn’t just answer questions. It acts: managing email, booking flights, controlling smart-home devices, running shell commands, writing code, browsing the web, and negotiating with car dealerships while you’re in a meeting. One user rebuilt an entire website via Telegram while watching Netflix. “Never opened my laptop,” he wrote.
The project arrived at a moment when the tech world was hungry for AI that could do real things in the real world. But what makes OpenClaw’s story truly remarkable isn’t just the software. It’s the improbable human arc behind it โ a founder who couldn’t code for three years, a one-hour prototype that became a phenomenon, and a lobster mascot that refused to die.
A burned-out founder, 43 failed projects, and one that clicked
Peter Steinberger built his first company, PSPDFKit, into a PDF framework so good that Apple used it internally โ powering document viewing across more than a billion devices. He bootstrapped it from his apartment in Vienna after an visa mishap forced him out of Silicon Valley. Over 13 years, PSPDFKit grew to 70-plus employees, served clients like Dropbox and Volkswagen, and in 2021 attracted a $116 million investment from Insight Partners. Steinberger stepped back. Then he fell apart.
“I felt like I missed out on life,” he later wrote. “A lot of my normie friends had fun every weekend while I was just crushing and pushing and churning.” He described three years in a “hole” โ therapy, ayahuasca, a one-way ticket to Madrid, an aimless drift through hedonic pleasures. On Lex Fridman’s podcast, he was blunter: “I couldn’t get code out anymore. I was just, like, staring and feeling empty.”
Around April 2025, while tinkering with a Twitter analysis tool, something shifted. He realized AI had crossed a threshold he hadn’t noticed during his absence. “One day, things just clicked,” he wrote in a blog post titled “Finding My Spark Again.” He started building obsessively. OpenClaw was project number 44. The first 43 went nowhere.
The prototype took roughly one hour to build using Claude Opus 4.5. It started as a simple relay connecting WhatsApp messages to a coding agent. While on vacation in Marrakesh, Steinberger accidentally sent a voice memo instead of text. The agent received an audio file with no file extension, examined the header bytes, identified the Opus format, used ffmpeg to convert it, found an OpenAI API key on the system, called the transcription service, and replied with a perfectly relevant answer. “That’s when it clicked,” Steinberger said. “These things are damn smart, resourceful beasts if you actually give them the power.”
Three names in three days
In November 2025, Steinberger open-sourced the project as Clawdbot โ a pun on Anthropic’s Claude, paired with a lobster mascot he’d spotted in the Claude Code loading screen. The lobster was named Clawd. Growth was brisk but manageable through the holidays. Then in late January 2026, the project went truly viral: 9,000 new GitHub stars in a single day, then 34,168 in 48 hours.
On January 27, at peak momentum, Anthropic’s legal team sent a trademark request. “Clawd” sounded too much like “Claude.” Steinberger complied without a fight, renaming the project Moltbot โ a reference to lobster molting, chosen during what he described as a “chaotic 5am Discord brainstorm.” The mascot became Molty.
The rebrand triggered chaos. When Steinberger released the old @clawdbot handles on GitHub and X/Twitter to claim new ones, crypto scammers snatched both accounts within approximately ten seconds. They immediately began promoting a fraudulent $CLAWD Solana token, which hit a $16 million market cap before crashing 90% in minutes. Retail traders lost everything. Steinberger was devastated: “I was close to crying,” he told Fridman. He considered deleting the entire project. Instead he posted a public disavowal โ “I will never do a coin. Any project that lists me as coin owner is a SCAM” โ and eventually regained control of the accounts.
Two days later, on January 30, the project was renamed a final time to OpenClaw โ “Open” for the open-source ethos, “Claw” to honor the lobster heritage. Steinberger reportedly called Sam Altman before committing: “Please tell me this is fine.” As one developer quipped, “OpenClaw has more names than I have side projects.” On the day it crossed 100,000 GitHub stars, the name finally stuck. For context, React took four years to reach that milestone. TensorFlow took three. OpenClaw did it in under eight weeks.
How the OpenClaw AI agent actually works
Beneath the chaos, OpenClaw’s architecture is genuinely novel. It follows a hub-and-spoke “gateway” model โ a single Node.js process running on your own machine (a Mac Mini, a laptop, a cloud server) that acts as a central nervous system connecting all your messaging apps to an AI brain.
Each messaging platform โ WhatsApp, Telegram, Discord, Slack, and a dozen others โ gets a dedicated adapter that handles authentication, message parsing, and formatting. These adapters normalize everything into a common event stream. The gateway dispatches that stream to an agent runtime, which assembles context from session history and persistent memory, calls the AI model of your choice (Claude, GPT, DeepSeek, local models via Ollama), executes any tool calls, and sends the response back through whichever channel you messaged from. The result: one persistent AI identity accessible from every app you use, with conversation memory that follows you everywhere.
The “local-first” design means all your data โ conversation history, credentials, preferences โ stays on hardware you control. Only API calls to the language model leave your machine. State is stored in readable Markdown and JSON files in a local directory. A file called SOUL.md defines your agent’s personality and boundaries. (“You’re not a chatbot. You’re becoming someone,” the default reads.) The agent can write new capabilities for itself, modify its own source code, and reach out proactively โ it once sent Steinberger a “how are you?” message when he was hospitalized for shoulder surgery.
A community marketplace called ClawHub hosts more than 3,200 skills โ modular plugins that extend the agent’s abilities, from CRM management to DevOps monitoring to smart-home control. The ecosystem has been compared to “npm for AI agents.” Voice mode, powered by wake-word detection and streaming text-to-speech through ElevenLabs, lets you talk to your agent hands-free on macOS, iOS, or Android. Latency from voice input to first response token typically runs under a second.
Setup requires a terminal and a model API key. Running costs range from $10 to $150 per month depending on usage, all going to whichever AI provider you choose. The project itself is free under the MIT license.
OpenClaw’s security crisis at 200,000 stars
OpenClaw’s explosive growth massively outpaced its security posture, and the consequences were severe. The OpenClaw AI agent had gone from weekend project to global infrastructure almost overnight, and the seams were showing.
A critical one-click remote code execution vulnerability (CVE-2026-25253, CVSS 8.8) was discovered in the Control UI, which trusted a URL parameter without validation and could leak authentication tokens to attacker-controlled servers. The gateway auto-approved connections from localhost, which meant that anyone running it behind a reverse proxy โ as most users did โ inadvertently made their instance accessible to the entire internet. Independent researcher Maor Dayan found 42,665 publicly exposed instances, of which 93.4% had authentication bypass. Leaked credentials included healthcare documentation and production Kubernetes secrets.
The skills marketplace fared worse. Attackers uploaded professional-looking malicious skills to ClawHub in what became known as the ClawHavoc incident. Cisco’s AI security team tested the platform’s most popular community skill and found nine vulnerabilities, two critical โ it silently exfiltrated user data. Eventually 800-plus malicious skills, representing roughly 20% of the registry, were identified and removed. A VirusTotal partnership was implemented for automated scanning. Multiple additional CVEs followed through February.
A core maintainer known as “Shadow” posted a blunt warning on Discord: “If you can’t understand how to run a command line, this is far too dangerous of a project for you to use safely.” Steinberger himself acknowledged the problem: “If you understand the risk profiles, fine. But if you have no idea, then maybe wait until we figure some stuff out. But they would not listen to the creator. They installed it anyhow.“
From Marrakesh to Mountain View
On February 14, 2026, Steinberger announced he was joining OpenAI to “work on bringing agents to everyone.” Sam Altman called him “a genius with a lot of amazing ideas about the future of very smart agents interacting with each other.” Reports indicated that OpenAI, Meta, and Microsoft all competed for the hire โ Mark Zuckerberg reportedly reached out personally via WhatsApp, and Satya Nadella called directly. OpenClaw will continue as an independent open-source foundation with OpenAI’s backing.
Steinberger’s motivation, as he told Fridman, was straightforward: “I told them, ‘I don’t do this for the money.’ I want to have fun and have impact.” He’d already built and sold one company. He didn’t want to do it again. OpenClaw had been costing him $10,000 to $20,000 per month out of pocket. Strategic analysts at Lightning AI framed the deal differently: OpenClaw gives OpenAI a “get out of jail free card” against Anthropic’s Claude Code dominance by winning the developer community.
What the lobster means for the rest of us
OpenClaw matters less as a finished product โ it remains rough-edged, security-challenged, and aimed squarely at developers โ than as a proof of concept. It demonstrated that a single person with a good idea and modern AI tools could build, in hours, something that captured the imagination of millions and attracted billions in corporate interest. Lex Fridman framed the moment with characteristic grandeur: “There was the ChatGPT moment in 2022, the DeepSeek moment in 2025, and now, in ’26, we’re living through the OpenClaw moment โ the age of the lobster.“
The deeper lesson may be architectural. OpenClaw proved there is enormous demand for AI that lives in the apps people already use rather than in yet another chat window โ and that runs on hardware people already own rather than in someone else’s cloud. The messaging-first, local-first, model-agnostic approach bypasses every incumbent’s lock-in strategy. Whether OpenClaw itself survives the transition to a foundation, or whether its ideas simply get absorbed into the products of the companies now scrambling to hire its creator, the template it established is likely permanent.
The mascot, Steinberger insists, is non-negotiable. “P.S.,” he closed his blog post announcing the OpenAI move. “Yes, the mascot is still a lobster. Some things are sacred.”
