State of OpenClaw 2026: Enterprise Self-Hosted Agent Report Tracks368K Stars, Anthropic Crackdown, and Open Security Issues

The “State of OpenClaw 2026” report from Big Hat Group paints the clearest picture yet of where OpenClaw stands as it hurtles toward enterprise legitimacy.

**The numbers:**368,000 GitHub stars and12 million downloads as of May 2026. That’s not a hobby project anymore — that’s a platform.

The Anthropic standoff: The most contentious community story of the month. Reports surfaced that Claude Code detects HERMES.md files (OpenClaw’s agent configuration manifest) and OpenClaw-related commit messages, then either refuses the request or routes it to a premium “extra usage” billing tier. Users reported cost increases of up to 50x. The Hacker News thread accumulated 1,336 upvotes and 718 comments. Anthropic has not publicly addressed the reports.

The enterprise hardening landscape: NVIDIA’s NemoClaw — a hardened fork with NeMo guardrails and OpenShell sandboxes — gives risk-averse buyers something they can defend in an architecture review. Tencent’s commitment of full-time maintainers adds another layer of institutional credibility, particularly for Asian enterprise buyers.

The open problems: Critical security vulnerabilities remain unfixed, including credential theft and remote code execution vectors. For enterprise IT teams, this is the part that requires careful evaluation before production deployment.

The report’s90-day deployment roadmap is worth reading if you’re evaluating OpenClaw for organizational use. The short version: the rough edges are real, but the trajectory is clearly toward enterprise-grade maturity.