React — the JavaScript framework that powers most of the modern web — spent over a decade accumulating 250,000 GitHub stars. It took the trust of hundreds of thousands of developers, years of tutorials, bootcamps, and enterprise adoption cycles. OpenClaw, an autonomous AI agent that came into existence just four months ago, exceeded that number on March 3, 2026, and continued its upward trend.

And while Silicon Valley was processing that record, something quieter happened. OpenClaw usage in China officially surpassed usage in the United States.

China Didn’t Just Adopt OpenClaw. It Absorbed It.

The scale of what’s happening in China is genuinely hard to wrap your head around. Chinese entrepreneurs identified the opportunity before almost anyone else, building and selling pre-packaged OpenClaw configurations, installation services, and customized deployments. The MIT Technology Review called it a gold rush.

The economics explain a lot. Chinese models like DeepSeek cost a fraction of what OpenAI, Anthropic, or Google charge for API access. An OpenClaw agent wired to DeepSeek runs at nearly zero operating cost. While Western developers are carefully budgeting their API spend, Chinese developers are running entire fleets of agents for the price of a coffee.

The major platforms moved fast, too. Baidu, with its 700 million monthly active users, integrated OpenClaw directly into its search application. Moonshot AI launched Kimi Cloud on the same day Steinberger announced his move to OpenAI — a browser-native agent requiring zero installation. Alibaba embedded its own AI into Taobao and Tmall, reporting more than 120 million orders processed via AI in just six days in early February.

The strategy is identical across all of them:

AI should not live in a separate app. It should live inside the tools people already use. China operationalized that insight faster than anyone in the West.

The Platform Is No Longer a Side Project

In two weeks of March alone, the OpenClaw team published 12 stable releases. The most significant change was the context engine, a complete overhaul of how the agent manages memory across long conversations.

Before this update, memory compression and context assembly were integrated directly into the system and could not be modified without examining the source. Now, developers can plug in their own memory strategies through full lifecycle hooks: aggressive compression, retrieval-augmented generation, and isolated sub-agent workspaces. For everyday users, the practical effect is that your agent stops losing the thread in a long exchange. The information stays intact. Developers testing the module in early access described the memory performance improvement as incomparable with anything that existed before.

The update also provides direct compatibility with numerous frontier models and an automated redirection system that shifts tasks when a model is overwhelmed, functioning like a smartphone exchange that directs your call to an open line instead of putting you on hold. A full agent state backup system before each update means you no longer lose your configuration mid-upgrade.

As of this week, the project has more than 1,000 contributors shipping code every single week, an Apple Watch app in development, automatic updates on macOS, and an iOS release in preparation.

This is not a Friday night project anymore.

A Vulnerability That Needed No Plugin to Work

On February 25, cybersecurity firm Oasis Security disclosed a critical vulnerability in OpenClaw’s core system. What made this one different from the earlier ClawHub marketplace attacks was its scope:

No plugin required, no third-party extension, no marketplace skill. Just a standard OpenClaw installation configured exactly as the official documentation recommends.

The mechanism is worth understanding because it reveals a structural blind spot. A developer has OpenClaw running on their machine. They visit a compromised website. Hidden JavaScript on that page opens a WebSocket connection to the local gateway. Browsers do not block connections to localhost — this is a known but chronically underestimated gap in web security. The script then brute-forces the password, which works because the system trusted anything arriving from a local host without rate-limiting local connections and automatically approved new device registration without asking the user for confirmation.

Think of it like a front door lock that automatically opens for anyone knocking from inside the building without verifying who they actually are.

Once authenticated, the attacker has complete control: API keys, files, emails, terminal commands — all invisible to the user. The severity score was 8.8 out of 10. The team patched the vulnerability in under 24 hours, which is genuinely impressive. But by that point, researchers had already identified more than 40,000 vulnerable instances exposed on the internet, with over 60% assessed as actively exploitable. Microsoft issued an official warning stating that OpenClaw was not suitable for standard workstations, personal, or professional.

More than 40 vulnerabilities, including remote code execution, authentication bypass, and command injection, were patched by the OpenClaw project in February of the previous year.

The deeper problem is structural, and it isn’t going away. An autonomous agent requires full access to your file system, your email, and your terminal. A single malicious instruction slipped into an email or a Teams message can redirect its behavior. Researchers call this prompt injection, and it is one of the most difficult unsolved challenges in the entire agentic AI field.

The parallel with early web browsers is hard to ignore. AI agents are living through the same adolescent security era that Internet Explorer navigated in the early 2000s, except the stakes are considerably higher.

Four Camps, Four Philosophies, One War

What’s unfolding now isn’t a feature race. It’s a philosophical conflict about what an AI agent should be, where it should live, and who should control it.

OpenClaw is the open-source, local-first option. You install the framework on your own machine, connect it to whichever model you prefer — Claude, ChatGPT, Gemini, DeepSeek, or a locally hosted model — and interact through more than 20 channels, including WhatsApp, Telegram, Discord, Slack, Signal, iMessage, and Teams. Full control. Free framework. You can run a 24/7 agent on a €150 mini PC with negligible electricity cost. The tradeoff is the attack surface and the real complexity of configuration that still exists today.

Manus AI, acquired by Meta for approximately $2 billion in late 2025, is the opposite. No installation is required. Everything runs in the cloud. You describe the task, Manus breaks it down and executes it in an isolated environment. The platform has added Telegram and Meta integrations, with WhatsApp, Facebook, and Instagram integrations planned — no surprise, given who signed the check. The friction point is cost: a credit system starting at $40 per month, where a complex task can burn through more than 900 credits with no warning before execution. And all your data passes through Meta’s servers, which, for any enterprise operating under strict data regulations, is a non-starter by definition. For others, the stability of that infrastructure is exactly the point.

Perplexity Computer, launched on February 25, takes a third approach built around orchestration. Perplexity doesn’t build frontier models. It’s best that the smartest move is to route each subtask to whichever model handles it best — Claude Opus 4.6 for complex reasoning, Gemini for deep research, Grok for fast turnaround, and so on across more than 20 models. On March 11, at its first developer conference called Ask 2026, Perplexity unveiled Personal Computer: software running continuously on a Mac mini that merges your local files and apps with its cloud infrastructure.

The security design is a direct response to OpenClaw’s problems: mandatory user confirmation before any sensitive action, a complete audit trail, and an emergency kill switch. The Enterprise version already integrates with Snowflake, Salesforce, HubSpot, and hundreds of other platforms. Across 16,000 benchmark queries tested against institutional standards from McKinsey, Harvard, MIT, and BCG, Perplexity claims the equivalent of 3.25 years of work completed in four weeks.

The cost: $200 per month for the Max tier.

ChatGPT Agent from OpenAI is the fourth camp — the merger of its operator and deep research capabilities into a single unified agentic system built directly into ChatGPT. It navigates the web, fills forms, executes code, builds editable presentations and spreadsheets, and supports recurring scheduled tasks, daily, weekly, or monthly. And this is precisely where Peter Steinberger’s recruitment makes complete sense. The developer who created the most viral open-source agent in history is now building the next generation of agents for the most widely used AI platform on the planet.

Why Claude Code and n8n Belong in This Conversation

Two tools that keep coming up in developer conversations about this landscape don’t fit neatly into the four-way war, and that’s exactly what makes them worth understanding separately.

Claude Code doesn’t want to be a personal AI generalist. It excels at one specific domain: code. It understands the full context of an entire codebase, modifies multiple files simultaneously, and recently launched Claude Code Review — a system that deploys parallel agents to analyze every pull request from different angles before synthesizing the results.

The internal results at Anthropic are striking. Code volume per developer increased by 200% over the past year. The percentage of code modifications receiving substantive review comments climbed from 16% to 54%. Claude Opus 4.6 agents recently wrote a C compiler in Rust capable of compiling the Linux kernel, at a cost of approximately $20,000. The result wasn’t fully automated, but it was the first time a language model had achieved it. Separately, Claude found more than 100 bugs in Firefox in two weeks, 14 of them classified as high severity.

Annualized revenue for Claude Code alone crossed $2.5 billion in February 2026, more than doubling since the start of the year. This is a surgical instrument for developers, not a general-purpose assistant.

n8n plays in an entirely different category. Where OpenClaw improvises and takes autonomous initiative, n8n operates on deterministic logic: step A triggers step B, step B triggers step C. You can introduce AI at specific nodes in the workflow, but the overall structure is predictable, repeatable, and fully auditable. For recurring business processes — automated billing, incoming mail sorting, database synchronization — this is exactly what you want.

No surprises.

No hallucinations.

No unexpected autonomous decisions.

The most sophisticated users aren’t choosing between these tools. They’re combining them: Claude Code for development, n8n for structured business automation, and OpenClaw or one of its competitors for adaptive real-time tasks. These aren’t rivals. They are complementary layers in an ecosystem that is being assembled, right now, in real time.

We Have Crossed a Line

We have spent the last two years debating which chatbot writes better prose, which model answers questions more accurately, and whether Claude or ChatGPT is a more pleasant conversationalist.

That debate is over. It was never the important one.

The era of passive AI is ending. What’s replacing it is software that reserves, purchases, analyzes, negotiates, and decides, running in the background of your life, whether you’re watching or not. The infrastructure for this is being built simultaneously by an Austrian developer’s open-source project, a Chinese startup backed by Alibaba, a search engine that doesn’t build its own models, and the company that invented the modern chatbot.

The real advantage in what’s coming won’t go to whoever adopts first or whoever resists longest. It will go to whoever understands what is actually being built right now and positions themselves accordingly.

The window for that is open. It won’t stay open indefinitely.

Thanks for reading. Please share your thoughts in the comments. If these advances in artificial intelligence fascinate you, and you’re wondering how these technologies will transform our world in the coming years, you’re in the right place.

Share

Sources: The Nov Tech, OpenClaw, Apple Insider, The Next Web, The New Stack, The Decoder, Yahoo Finance, Sacra, The Nov Tech, AI Business Weekly.