PONT Data&Privacy


AP warns of major security risks with AI agents such as OpenClaw

The Dutch Autoriteit Persoonsgegevens (AP) warns users and organizations against using OpenClaw and similar experimental systems. The reason for this is the rapid rise in popularity of OpenClaw. These types of open source systems quickly fail to meet basic security requirements. The use of such experimental AI agents carries major risks, such as data leaks and account takeovers.

Autoriteit Persoonsgegevens February 13, 2026


The OpenClaw platform offers users the option to install an AI assistant that can perform tasks autonomously. To this end, the user grants full access to their computer and programs, including email, files, and online services. This means that the assistant is then able to act independently, without direct human approval in advance. According to the AP, this type of autonomous AI agent is seen as a "Trojan horse" in the cybersecurity world because it is an attractive target for abuse.

Security researchers worldwide have reported to OpenClaw that a significant proportion of the available plug-ins contain malware designed to steal login details or crypto assets, among other things. In addition, the platform is vulnerable to hidden commands in websites, emails, and chat messages. This can lead to accounts being taken over, personal data being read, and access codes being stolen. Critical vulnerabilities have also been found that allow attackers to take over entire systems remotely.

Call to users, organizations, and parents

The AP calls on users and organizations not to use OpenClaw and similar AI agents on systems containing privacy-sensitive or confidential data. Examples include access codes, accounting records, customer files, personnel data, private documents, or identity documents. The AP also urges parents to check whether their children are doing this on devices at home. The regulator also advises exercising caution with external plug-ins, applying strict access controls, and renewing login details and access codes if there is a risk of exposure.

Organizations and individual users remain responsible for compliance with the General Data Protection Regulation (GDPR). The development and use of open source systems does not exempt developers and users from the obligation to mitigate risks in advance.

European legislation

At the European level, the AP advocates clarifying that autonomous AI agents are also covered by the AI Regulation. The AI Regulation sets product requirements for the safety of these types of systems, so that unsafe applications can be banned from the market.

Security risks of OpenClaw

OpenClaw runs locally on the user's computer. That does not automatically mean that the system is secure. Without proper security and risk management, its use can lead to serious security incidents, data breaches, and unauthorized access to personal data.

Based on recent findings by security experts from around the world, the AP points out the following risks, among others:

  • Users can add extra features to OpenClaw by installing plug-ins. About one-fifth of these plug-ins appear to contain malware that can steal the user's login details or crypto assets, for example.
  • The OpenClaw platform is vulnerable to hidden commands (indirect prompt injection), which can be hidden in seemingly normal websites, emails, or chat messages. This allows a hacker to:
    • Take over accounts of linked services (such as Google, Facebook, and Apple ID). The hacker essentially receives a master key from the user to a lot of personal data and access to other linked services.
    • Read emails, view calendars, and use local files, such as personal documents.
    • Steal access codes from AI models, which can be used to take over the AI service.
  • Critical security vulnerabilities. These allow a hacker to remotely execute malicious commands or code without physical access to the computer in question. For example, the attacker can use OpenClaw (or a similar AI system) to take complete control, steal data, or install malware.
  • Data breaches. Users may also install or configure OpenClaw incorrectly, which could result in personal data becoming publicly visible.
