In San Francisco, it feels like OpenClaw is everywhere. Even, potentially, some places it’s not designed to be. According to posts on social media, people appear to be using the viral AI tool to scrape websites and access information, even when those sites have taken explicit anti-bot measures.

One of the ways they are allegedly doing this is through an open source tool called Scrapling, which is designed to bypass anti-bot systems like Cloudflare Turnstile. While Scrapling, which was built with Python, works with multiple types of AI agents, OpenClaw users appear to be particularly fond of the software. On Monday, viral posts promoting Scrapling as a tool for OpenClaw users started to spread on X. Since its release, Scrapling has been downloaded over 200,000 times.

“No bot detection. No selector maintenance. No Cloudflare nightmares,” reads one viral post this week about the open source tool. “OpenClaw tells Scrapling what to extract. Scrapling handles the stealth.”

Cloudflare is not enthused. The company already blocked previous versions of Scrapling, since users of the open source software kept trying to get around anti-scraping protections. This week, the company was working on a patch for Scrapling’s most recent iteration. “We make changes, and then they make changes,” says Dane Knecht, chief technology officer at Cloudflare. He says the company’s trove of website data and its ability to track trends has given it the upper hand.

“We already had a signal that they’re starting to get a higher ability to get around us,” says Knecht. “The team of security operations engineers had already been working on a new set of mediations.”

Large language models were trained on the corpus of the internet—and the process involved a lot of scraping. In some sense, Scrapling users are following in the footsteps of the original model builders, but on a more individualized scale.

Over the past few years, website owners have attempted to put up additional anti-bot protections, either to block software like Scrapling or to find a way to make money off of the bots trying to access their sites. In turn, Cloudflare has been working overtime to keep blocking increasingly powerful bots attempting to get around these protections.

In July 2024, Cloudflare started to offer its customers additional tools that block AI crawlers, unless the bots pay for access. In less than the span of a year, the company claims to have blocked 416 billion unsolicited scraping attempts.

“I Didn’t Know What I was Getting Into”

As Scrapling gained traction in recent days, crypto enthusiasts capitalized on the attention by launching a $Scrapling memecoin. Karim Shoair, who claims to be the sole developer of Scrapling, posted about the memecoin on X (those posts have since been deleted). After the price skyrocketed for around five hours, $Scrapling quickly fell off a cliff as users sold off their stakes. “Bunch of fucking scammers,” reads one comment on the Pump.Fun site that hosts the coin.

“I didn’t know what I was getting into when people made that coin and I endorsed it,” says Shoair, in a direct message with WIRED. “But once I knew, I didn’t want any association with it and the money I withdrew before will go to charity, I won’t benefit from it in anyway. Or maybe just leave it to be wasted.”

In the fallout of this event, the unofficial GitHub Projects Community account, which has over 300,000 followers on X, deleted its posts from this week highlighting Scrapling’s open source software, and appeared to distance itself from the project. “We do not support, promote, or engage in crypto assets, token offerings, trading activity, or crypto-based fundraising,” it said in a post late Monday night.

Putting the crypto forays aside, most software leaders continue to see agents and autonomous AI tools as the future of the web. Even Knecht from Cloudflare, whose work includes blocking bots from nonconsensual scraping, wants to build toward a world where humans and agents benefit from online data and the wishes of website owners are respected. “I see a path forward for an internet that is both friendly to agents and humans,” he says.

This is an edition of Will Knight’s AI Lab newsletter. Read previous newsletters here.

The UK’s National Cyber Security Centre (NCSC) and its partner agencies in the Anglophone Five Eyes intelligence-sharing group have warned users of Cisco Catalyst Software Defined Wide Area Networks (SD-WAN) to take immediate action after identifying a cluster of threat activity targeting the widely used products.

The activity appears indiscriminate in its targeting, but the modus operandi is largely the same – following compromise, the as-yet-unnamed threat actors add a malicious rogue peer before conducting follow-on actions to achieve root access and maintain persistent access to the victim’s network.

“Our new alert makes clear that organisations using Cisco Catalyst SD-WAN products should urgently investigate their exposure to network compromise and hunt for malicious activity, making use of the new threat hunting advice produced with our international partners to identify evidence of compromise,” said NCSC chief technology officer (CTO) Ollie Whitehouse.

“UK organisations are strongly advised to report compromises to the NCSC, and to apply vendor updates and hardening guidance as soon as practicable to reduce the risk of exploitation,” he added.

The NCSC said the activity itself appeared to date back to 2023, and a series of vulnerabilities in Catalyst SD-WAN Manager and Catalyst SD-WAN Controller have now been patched by Cisco.

Chief among these issues, and of most concern to Cisco, is CVE-2026-20127, an authentication bypass vulnerability in Catalyst SD-WAN.

In an advisory, Cisco said the vulnerability arose due to a failure of the peering authentication mechanism on an affected system.

“An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric,” the supplier said.

“Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.”

Organisations with management interfaces exposed to the public internet appear to be at greatest risk of compromise – exposing management interfaces to the internet is extremely ill-advised.

Besides performing threat hunting for evidence of compromise as detailed in a newly-published Hunt Guide – available here – security teams should immediately update to the appropriate fixed latest versions of Catalyst SD-WAN Manager and Controller, and apply the Cisco Catalyst SD-WAN Hardening Guide now available from Cisco.

UK-based organisations that discover they may have been compromised are advised to immediately collect artefacts from the relevant device and report it to the NCSC.

In the US, the Cybersecurity and Infrastructure Security Agency (Cisa) has issued a parallel emergency directive instructing government organisations to take action by 23:59 EST (04:59 GMT) on Thursday 26 February, and to have fully applied the patches by 17:00 EST on Friday.