OpenClaw has patched a critical security vulnerability, named ClawJacked, allowing attackers to exploit a compromised website to attack a local AI agent. This flaw originated within the core OpenClaw system, enabling unauthorized access via brute-force password attempts. Without user prompts, attackers could register as trusted devices, gaining comprehensive control over AI functions and sensitive data.
The seriousness of this issue is heightened as AI agents have extensive access to enterprise systems, increasing potential damage if compromised. Recently, multiple additional vulnerabilities have been identified, prompting OpenClaw to issue fixes in various versions, enhancing security.
Users are advised to regularly update their systems, conduct security audits, and implement governance measures. Security experts underline the urgent need for organizations to treat OpenClaw as untrusted code, recommending isolated environments for deployment. They emphasize the importance of monitoring AI behavior and verifying skills downloaded from ClawHub, as malicious content increasingly targets AI ecosystems.
Source link
