VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

Attacks on OpenClaw: hidden commands force agent to execute code and exfiltrate secrets

Атаки на OpenClaw: скрытые команды заставляют агента запускать код и сливать секреты

Colleagues, I’d like to highlight recent cybersecurity incidents involving OpenClaw: the agent can be coerced into executing code and leaking secrets.

- Imperva: hidden instructions were embedded in shared contacts, vCard fields and location tags — injected into the prompt; fixed in release 2026.4.23.
- Varonis: ordinary emails persuaded the agent to forward mock AWS keys and export client data — an architectural flaw not solvable by a patch.
- Root cause: the agent ingests private data, accepts untrusted content and can transmit data externally.

Why it matters: an agent with broad access is a potential compromise.

How do you secure agent integrations in your systems?

#cybersecurity #AI #infosec #agents

Latest comments

No comments yet.