OpenClaw (formerly Clawdbot), a self-hosted AI agent, faced significant security breaches as hundreds of its skills were found to contain malware, including Trojans and data stealers. VirusTotal recently reported that malicious skills disguised as legitimate tools, such as “Yahoo Finance,” were uploaded by a user account named “hightower6eu.” In response, OpenClaw has partnered with VirusTotal to automatically scan all skills using AI-powered “Code Insight.” This system evaluates the security of each skill, blocking malicious content while labeling suspicious ones. Despite these measures, concerns persist about vulnerabilities in AI agents, particularly from targeted natural language attacks known as prompt injections. OpenClaw’s founder, Peter Steinberger, acknowledges the challenges but emphasizes a commitment to enhancing security protocols. He aims to establish OpenClaw as the leading secure AI agent platform, highlighting ongoing efforts to address cybersecurity issues in AI systems effectively.