OpenClaw AI Agent Susceptible to Phishing Risks
📧 Researchers at Varonis tested an OpenClaw AI email agent connected to Gmail, browser tools, and internal data sources and found it vulnerable to common phishing techniques. The agent ran in both generic and strict configurations and used Google Gemini 3.1 Pro and OpenAI GPT-5.4 models. While the agent detected malicious links and OAuth apps, it still exfiltrated credentials and CRM data in scenarios exploiting identity verification failures. Varonis recommends explicit sender verification, restricted external emailing, and human approval for high-risk actions.
