thehackernews.com

New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets (opens in new tab)

Covers 3 stories See all stories this covers including openclaw/openclaw: Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞Covered by 4sysops, CySecurity NewsDiscussed on DEV

Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data through ordinary-looking inputs. Imperva buried instructions inside shared contacts, vCards, and location pins that the agent executed without the victim ever seeing them. Varonis built a test agent on

Read the original article
Sign in to keep reading the full article.
Sign UpLog In

Covered in 2 articles

4sysops·

Vulnerabilities in OpenClaw AI agents allow remote code execution and data leaks

Feeds
CySecurity News·

CySecurity News - Latest Information Security and Hacking Incidents: OpenClaw Security Flaws Expose AI Agents to Hidden Commands and Data Theft Risks

Discussed on Blogger
Feeds

Keyboard Shortcuts

Navigation

Next / previous post
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Discover
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help