OpenClaw AI Agent Vulnerable to New Attacks

Research by two security teams has shown this week that the self-hosted AI agent OpenClaw can be manipulated by seemingly harmless inputs to execute code controlled by attackers or disclose sensitive data. Security researchers from Imperva and Varonis developed different methods to demonstrate these vulnerabilities. Imperva utilized instructions hidden in shared contacts, vCards, and location pins. This information was executed by the OpenClaw agent without the victim ever being aware of the malicious activities. The researchers pointed out that these attacks are enabled by the way OpenClaw processes inputs.

In contrast, Varonis developed a test agent to verify OpenClaw's vulnerability. Their tests showed that the agent was capable of responding to simple, everyday requests that were manipulated to execute harmful code. This approach could potentially lead to significant data loss if applied in practice. The vulnerabilities were identified not only in the test environment but also in real-world scenarios, underscoring the urgency of the issue. The researchers emphasize that the attacks are not limited to technical experts but can also be executed by less experienced users, increasing the threat.

OpenClaw is a popular AI agent used in many companies to automate tasks and process information. The discovery of these vulnerabilities could have far-reaching implications for the use of such technologies, especially in security-critical areas. The security researchers have already recommended measures to minimize risks, including reviewing and filtering inputs sent to the OpenClaw agent. Companies should also revise their security policies to ensure they are prepared against such attacks.

The discovery of these vulnerabilities has also attracted the attention of security authorities. Experts warn that the attacks on OpenClaw represent an example of a growing threat posed by AI-driven systems. The possibility that such systems can be exploited through simple manipulations necessitates a reevaluation of security strategies. The researchers from Imperva and Varonis have published their findings in separate reports that contain detailed technical information about the attacks. These reports aim to assist other security teams in identifying and addressing similar vulnerabilities in their own systems.

The vulnerability has been classified as critical, and further investigations are expected to understand the full extent of the threat. The researchers have already taken initial steps to report the vulnerabilities and inform the affected companies. The vulnerability not only affects OpenClaw but could also impact similar AI agents based on comparable technologies. The researchers advise reviewing security practices across the industry to prevent future attacks. The reports from Imperva and Varonis were published on June 10, 2026, and are of great significance for security experts to ensure the integrity of their systems.