Can you speak a little bit more to the stats in the OP?

* 135k+ OpenClaw instances are publicly exposed * 63% of those run zero authentication. Meaning the "low privilege required" in the CVE = literally anyone on the internet can request pairing access and start the exploit chain

Is this accurate? This is definitely a very different picture then the one you paint