Google Bans $250/Mo Users for OpenClaw: Zero Warning, Zero Appeal
Google executed a mass ban wave starting February 12, 2026, permanently disabling Antigravity access for AI Ultra subscribers, some paying $250 monthly, who connected Gemini models through OpenClaw’s OAuth authentication.

The enforcement came without warning emails, grace periods, or clear appeal paths, leaving users facing 403 PERMISSION_DENIED errors and account messages stating This service has been disabled in this account for violation of Terms of Service.

OpenClaw creator Peter Steinberger announced he’s removing Gemini OAuth support entirely, calling Google’s approach draconian compared to Anthropic, which pings me and is nice about issues. Google just… bans?

The Enforcement Logic: Backend Degradation vs Customer Trust

Varun Mohan, speaking for Google’s Antigravity team, defended the crackdown by citing a massive increase in malicious usage of the Antigravity backend that has tremendously degraded the quality of service for our users. The technical issue: Antigravity OAuth tokens are designed exclusively for Google’s first-party services, primarily the official Antigravity IDE. When third-party tools like OpenClaw route requests through these private tokens, Google’s systems flag the traffic as abuse bypassing standard API limits and generating unusual automated patterns that overwhelm infrastructure.

Mohan clarified that bans affect only Antigravity product access, leaving Gmail, Workspace, and other Google services untouched: It is not intended to use the Antigravity backend as a proxy for other products. He suggested a path for unaware users to potentially regain access, though specifics remain murky—users emailing [email protected] report weeks without responses.

The OpenClaw Problem: 21,000 Exposed Instances, 5 CVEs in Five Days

OpenClaw’s meteoric rise, 200,000+ GitHub stars since November 2025, came with security disasters that likely accelerated Google’s enforcement. Censys identified 21,639 publicly exposed OpenClaw instances sitting vulnerable on the internet as of January 31, while SecurityScorecard found hundreds of thousands more carrying remote code execution risks. Five CVEs required patches between January 25-30, including a one-click RCE vulnerability needing two attempts to fix before version 2026.1.30 closed gaps. When Sam Altman announced February 15 that OpenAI acquired OpenClaw’s creator Peter Steinberger, the tool’s reputation split between “revolutionary agent framework” and “enterprise security nightmare.”

The business calculus parallels Antigravity’s previous infrastructure struggles: Google priced AI Ultra subscriptions assuming human-paced usage, not autonomous agents burning through tokens continuously. OpenClaw subscribers routed hundreds of thousands of automated API calls through OAuth tokens meant for IDE interactions, collapsing the economics that subsidized consumer access.

Anthropic Gave Warning; Google Didn’t

The contrast in enforcement approaches matters. Anthropic updated its Consumer Terms of Service on February 20 explicitly prohibiting OAuth usage in third-party tools, with engineer Thariq Shihipar posting detailed explanations on social media about why subscriptions couldn’t support agent workflows. OpenCode removed Claude support by Thursday. Users had visibility into policy changes and time to adjust workflows before enforcement began.

Google executed bans first, communicated later. No ToS update preceded the February 12 wave. No announcement warned users OAuth tokens were off-limits in third-party apps. Paying Ultra subscribers, including those managing work accounts and enterprise projects, discovered violations only when services stopped working. The developer forum fills with posts from $250/month subscribers pleading for explanations, appealing restrictions, and asking whether standard Antigravity troubleshooting applies when the problem is account-level enforcement rather than technical bugs.

The Economic Squeeze: AI Coding War Escalates

OpenAI’s acquisition of OpenClaw triggered competitor responses across the industry. Both Anthropic and Google blocked OpenCode from accessing Pro-tier subscriptions within days, leaving only OpenAI openly allowing third-party agent integration. The pattern suggests coordinated realization that subsidized consumer pricing couldn’t survive agent automation without either raising prices (alienating human users) or restricting third-party access (breaking ecosystem tools). Google and Anthropic chose restriction; OpenAI absorbed OpenClaw rather than fight it.

As one Hacker News commenter summarized: That’s a legitimate economic concern. But the enforcement is indefensible—zero-tolerance instant bans on paying subscribers with no warning, no graduated response, and near-zero support. The customer service failure compounds the policy violation: Ultra subscribers expect premium support befitting $250 monthly fees, yet receive automated rejection messages indistinguishable from free-tier enforcement.

Follow us on Bluesky, LinkedIn, and X to Get Instant Updates

RELATED ARTICLESMORE FROM AUTHOR