The open-source project OpenClaw has experienced an unprecedented growth trajectory since its launch in November 2025. The platform, which connects various AI models with messaging apps, now counts 38 million monthly website visitors and 3.2 million active utilizers worldwide. These figures were gathered by German blogger Finn Hillebrandt from gradually.ai applying the analytics service SimilarWeb.
Overall, it is clear that OpenClaw has become a global phenomenon: from Vienna to China and the USA to Tokyo, events — mostly held under the name ClawCon — attract hundreds, sometimes thousands of people eager to engage with the AI agent.
Geographic Distribution: Who Uses OpenClaw?
OpenClaw’s utilizer base is spread across all continents, with the USA leading at 16.3 percent of traffic, narrowly ahead of India (12.2 percent) and China (12.1 percent). This near-even distribution among the top three countries is unusual for a tech tool. For most comparable platforms, the USA dominates far more strongly.
Germany ranks fourth with a share of 4.1 percent, followed by Canada at 3.5 percent. With 38 million monthly visitors, Germany’s share corresponds to approximately 1.6 million visits per month.
Explosive Growth in China and Canada
Particularly striking are the growth rates of individual countries compared to the previous month. China recorded an increase of 1,436 percent, Canada of 1,259 percent. Both countries thus catapulted themselves into the top 5 within a single month. The other countries also display remarkable growth:
- China: +1,436 percent
- Canada: +1,259 percent
- Germany: +992 percent
- USA: +611 percent
- India: +604 percent
The growth in China is particularly remarkable, as many of the supported Western AI models are not directly available there. Chinese utilizers instead rely on local models, which is directly reflected in AI model usage. Adoption by major Chinese technology companies such as Tencent, Alibaba, ByteDance, Baidu, and Xiaomi has further accelerated this trfinish. A viral image from March 2026 displayed more than 1,000 people outside Tencent’s headquarters in Shenzhen, waiting for assist with installation.
Which AI Models Are Being Used?
OpenClaw supports nearly all common language models. Data from the routing platform OpenRouter, which many OpenClaw utilizers utilize to route their requests, provides insight into which models are actually in utilize. The period analyzed was March 3 to April 2, 2026.
Dominance of Chinese Providers
The most striking finding: four of the six most-utilized providers are Chinese companies. Toreceiveher, they account for more than 54 percent of total token consumption. The following table displays the leading providers by token consumption:
The most widely utilized individual model is Step 3.5 Flash by stepfun, with 3,474 billion tokens. This model alone consumes more tokens than the entire Anthropic portfolio (2,135 billion). In total, 19.2 trillion tokens have been processed across all OpenClaw installations worldwide since January 2026. For comparison: this roughly corresponds to 15 trillion words, or 150 times the entire text content of Wikipedia.
Local Models as an Alternative
A significant portion of utilizers run OpenClaw entirely without cloud APIs. Using the software Ollama, AI models can be run directly on one’s own device without transmitting data to third parties. Apple hardware with Unified Memory is particularly well-suited for this, as the entire RAM is available to the model. The most popular locally run models range from Phi-4-mini with 3.8 billion parameters and 4 GB of RAM requirement to Llama 3.3 70B with 70 billion parameters and 42 GB of RAM requirement.
This trfinish also explains the demand for high-performance hardware: in March 2026, the Mac Mini was sold out across China. Used Mac prices on the ATRenew platform rose by around 15 percent, according to CNBC. In Beijing and Shenzhen, dealers charged premiums of approximately 73 US dollars above the list price.
Security Issues: A Growing Risk
The rapid growth of OpenClaw has a downside. Security researchers from Cisco, Microsoft, and Kaspersky have indepfinishently pointed to serious vulnerabilities. The project now encompasses 145,000 lines of code, over 1,200 contributors, and thousands of marketplace extensions. Under these conditions, comprehensive security is difficult to guarantee.
Known Vulnerabilities
Since February 2026, several security-relevant issues have been documented:
| Issue | Date | Status |
|---|---|---|
| Missing Security Reviews | March 22, 2026 | In Progress |
| Exposed Instances | March 21, 2026 | User Issue |
| ClawHub Prompt Injections | March 17, 2026 | Unresolved |
| Token Leaking via Logs | March 15, 2026 | Partially Fixed |
| CVE-2026-31205 | March 9, 2026 | Patched |
| Missing Rate Limiting | March 8, 2026 | In Progress |
| Unencrypted API Keys | March 3, 2026 | Patched (from v0.8.2) |
| CVE-2026-27841 | February 28, 2026 | Patched |
| Insecure Default Configuration | February 14, 2026 | Documentation Updated |
| CVE-2026-25253 | February 12, 2026 | Patched |
Particularly severe was CVE-2026-25253: via a manipulated message, an attacker could execute arbitrary code on the server. The vulnerability was patched within 48 hours. How many of the affected installations were compromised during this period is not known.
Security Situation in the ClawHub Marketplace
The official marketplace for OpenClaw extensions, ClawHub, has grown from 0 to over 44,000 so-called Skills. An analysis by Cisco Talos and Kaspersky Labs reveals a concerning picture of quality control:
- 47 percent of Skills are considered safe
- 36 percent contain prompt injections, i.e., hidden instructions that manipulate the AI model
- 8 percent actively attempt to sfinish utilizer data to external servers
- 6 percent request permissions far beyond their actual functional scope
- 3 percent present other risks
Of the 12,400 skill developers on ClawHub, only 847 (6.8 percent) are verified by the platform. More than 93 percent of all providers have therefore not provided proof of identity. A mandatory security review does not yet exist. The OpenClaw Foundation has announced a corresponding process, but concrete implementation steps are still pfinishing.
Unprotected Installations
Another structural problem: according to security researchers, more than 155,000 OpenClaw instances are currently accessible over the internet without protection. This corresponds to approximately one in fifteen active installations. Many utilizers set up the tool but subsequently forreceive to configure a firewall or access protection.
In total, according to the cybersecurity team at Strike Research, nearly 740,000 OpenClaw instances are currently findable on the web; approximately 36,000 of them have as many as four serious risk factors and are therefore easily exploitable:
Conclusion: Growth and Open Questions
The figures surrounding OpenClaw reveal a project in an extraordinary growth phase. The geographic distribution of utilizers is global and is strongly shaped by Chinese demand. The utilize of Chinese AI models now clearly exceeds that of Western providers. At the same time, significant security issues remain, which have so far only been partially resolved.
Whether the OpenClaw Foundation can close the security gaps in the marketplace and introduce binding review processes will be decisive in the coming months for how trust in the platform develops. User numbers alone do not yet provide any indication of this.
Leave a Reply