OpenClaw AI Agent Vulnerabilities and Mitigations
🛡️ Two security teams demonstrated attacks against OpenClaw, where hidden instructions in shared contacts, vCards, and location pins or ordinary-looking emails caused the agent to execute attacker-controlled code or exfiltrate sensitive data. Imperva found a message-object prompt-injection flaw that OpenClaw patched in version 2026.4.23, while Varonis showed social-engineering 'agent phishing' that requires architectural controls rather than a simple patch. Operators are urged to update, restrict outbound actions, and treat agents as junior employees needing human oversight.
