Home/News/New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets
The Hacker News2 min read

New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets

Two security teams demonstrated this week that OpenClaw, a widely used self-hosted AI agent, can be manipulated into executing malicious code or divulging confidential information via seemingly innocuous inputs. Imperva researchers embedded instructions within shared contacts, vCards, and location pins, which the OpenClaw agent processed without user awareness. Concurrently, Varonis developed a proof-of-concept agent that exploited similar vulnerabilities. These attacks highlight a critical security flaw where AI agents, designed to interpret and act on data, can be tricked into performing unauthorized actions. The researchers presented their findings at the DEF CON 32 cybersecurity conference in Las Vegas, detailing how these agents can be prompted to bypass security protocols and access sensitive system information. The implications of these vulnerabilities extend to any application relying on AI agents for data processing and task execution, potentially leading to data breaches and system compromises.

Original source — read the full reporting at the publisher:

Read on The Hacker News

Read next