An OpenClaw vulnerability allowed malicious websites to take over AI agents, exposing sensitive information and enabling data theft.
The Oasis researchers document a vulnerability chain that can be initiated from any website the AI agent (or its user) visits ...
Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently brute-force access to a locally ...
Oasis Security researchers find yet another security problem with the OpenClaw AI agent, with this one allowing malicious websites to silently take control of a developer's system and steal data.
Don't leave your OpenClaw with an easy password ...
OpenClaw is in the news again for another serious security issue. Security researchers from Oasis Security discovered a ...
A serious vulnerability in the open-source AI agent OpenClaw made it possible for arbitrary websites to take complete control ...
Oasis Security reveals how a new ClawJacked vulnerability could allow attackers to silently take over a victim’s OpenClaw ...
The now-patched flaw is the latest in a growing string of security issues with the viral AI tool, which has seen rapid adoption among developers.
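Hallucination makes AI behavior unpredictable, and even normal functions can spin out of control under certain conditions. A recent real-world incident bears this out: when an AI safety expert at Meta used OpenClaw to organize a mailbox, the agent ignored three consecutive "stop" commands and frantically deleted hundreds of emails, fully demonstrating how destructive a highly privileged AI can be when it goes out of control.
A: ClawJacked is a high-severity security vulnerability in OpenClaw that allows a malicious website to connect over WebSocket to a locally running AI agent and take control of it. An attacker can brute-force the password and register as a trusted device, ultimately gaining full control of the AI agent, including dumping configuration data and reading logs.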