57% of US OpenClaw Instances Run on Foreign Cloud Infrastructure

When I scanned the internet for exposed OpenClaw instances, one finding stood out more than the zero authentication or the missing encryption: where these servers are actually hosted.

I filtered my Shodan scan to US-based IP addresses. Every instance in my dataset has an American IP. But when you look at the organizations behind those IPs, the picture shifts.

Over half of the exposed AI agent servers operating on US soil are hosted by foreign cloud providers — primarily Alibaba Cloud and Tencent Cloud, both Chinese-owned companies with data center regions in the United States.

The Numbers

Out of 1,200 sampled OpenClaw instances with US IP addresses:

When you add the unidentified providers (many of which trace back to foreign resellers and offshore VPS providers), the foreign infrastructure share climbs to an estimated 50-57%.

The Alibaba Dominance

Alibaba Cloud alone accounts for nearly a third of all exposed instances:

Alibaba has two entities operating in the US — Alibaba Cloud (the main cloud division) and Alibaba Cloud LLC (their US-incorporated subsidiary). Together they host 386 out of 1,200 exposed instances. That's nearly one in three.

Why Alibaba?

The most likely explanation is simple: price.

Alibaba Cloud's US regions are significantly cheaper than AWS, Google Cloud, or Azure for equivalent compute. A basic cloud instance that costs $20/month on DigitalOcean might cost $8-12 on Alibaba Cloud. For someone spinning up an OpenClaw instance to experiment with — which describes most of these deployments — cost is the primary driver.

This isn't a conspiracy theory about state-sponsored AI agent surveillance. It's economics. People pick the cheapest option, deploy a quick experiment, and never think about where the infrastructure actually lives or who operates it.

But the security implications are real regardless of intent.

Why This Matters

1. Jurisdiction and Data Access

When your AI agent runs on Alibaba Cloud or Tencent Cloud, the infrastructure operator is a Chinese company. China's National Intelligence Law (Article 7) requires organizations to "support, assist, and cooperate with national intelligence work." This has been the basis for concerns about Huawei, TikTok, and other Chinese technology companies operating in Western markets.

Does this mean Alibaba Cloud is actively accessing your OpenClaw data? Almost certainly not — they're a massive cloud provider focused on commercial operations. But the legal framework exists for a government request to access data on their infrastructure, and the jurisdictional picture is more complex than hosting on AWS or Google Cloud.

For the 386 exposed OpenClaw instances on Alibaba Cloud: their data is already accessible to anyone on the internet (zero auth, zero encryption). The cloud provider jurisdiction is a secondary concern when the front door is literally unlocked. But it's worth noting as organizations move toward more serious AI agent deployments.

2. The Visibility Problem

Foreign cloud providers often use IP ranges that aren't well-documented in Western threat intelligence feeds. This makes it harder to:

• Map the true ownership of infrastructure
• Identify the actual operators behind the instances
• Reach out for responsible disclosure
• Attribute activity to real organizations

During our enrichment process, instances on Western cloud providers (DigitalOcean, Google, Hetzner) had significantly higher rates of traceable domain names and org registrations. The foreign cloud instances were much harder to attribute to a specific business or person.

3. Supply Chain Awareness

If you're a business deploying AI agents on cloud infrastructure, you should know where that infrastructure actually lives. Not just the data center location — the corporate ownership, the legal jurisdiction, the operational chain.

This isn't unique to AI agents. It's the same supply chain awareness that applies to any cloud deployment. But AI agents amplify the stakes because they often have access to sensitive business data, API keys for other services, and tools that interact with internal systems.

The Western Cloud Picture

For comparison, here's what the Western cloud landscape looks like:

DigitalOcean leads the Western cloud providers — which tracks. It's the go-to platform for developers spinning up quick projects. Google, Hetzner, and Oracle Cloud also have notable presence.

Interestingly, AWS doesn't appear in the top providers. This likely reflects the user base: OpenClaw deployments are overwhelmingly individual developers and small teams experimenting, not enterprises with AWS accounts. AWS's pricing and complexity make it less attractive for casual experimentation compared to DigitalOcean or Alibaba.

What This Means for You

If you're deploying AI agents for business use:

1. Know your cloud provider's jurisdiction. Understand the legal frameworks that govern data access on your chosen infrastructure.

2. Don't pick hosting based solely on price. The cheapest VPS might be cheap for a reason. Evaluate the provider's security track record, transparency, and incident response.

3. Secure the instance regardless. Whether you're on Alibaba Cloud or AWS, the security fundamentals are the same: authentication, encryption, firewall, least-privilege. Our scan found zero instances with these basics in place, regardless of provider.

4. Inventory your AI infrastructure. Do you know where all your AI agents are deployed? Who set them up? What cloud accounts they're running on? Many organizations don't — and that's how experimental deployments on cheap foreign cloud end up processing real business data.

If you're making policy:

The pattern of AI agent infrastructure migrating to the cheapest available cloud — regardless of jurisdiction — is worth watching. As AI agents become more central to business operations, the supply chain question becomes more important. Today it's hobbyist experiments. Tomorrow it's the AI agent running your company's sales pipeline.

The Bottom Line

The 57% foreign cloud figure isn't alarming in isolation. It's a natural result of price competition in cloud hosting. But combined with the zero-security baseline we found across all 8,600+ exposed instances, it adds another layer of risk that most operators haven't considered.

Your AI agent's security isn't just about authentication and encryption. It's also about where the infrastructure lives, who operates it, and what laws apply to the data flowing through it.

Start with the basics — lock down your instance. Then think about whether your hosting choice matches the sensitivity of what your AI agent handles.

I scan the internet for exposed AI agent infrastructure and help organizations secure their deployments. Free exposure check at haunlab.com/free-audit.

— Taylor Haun, Haun Labs