惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Secure Thoughts
雷峰网
雷峰网
罗磊的独立博客
T
The Blog of Author Tim Ferriss
阮一峰的网络日志
阮一峰的网络日志
量子位
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
云风的 BLOG
云风的 BLOG
人人都是产品经理
人人都是产品经理
GbyAI
GbyAI
Cisco Talos Blog
Cisco Talos Blog
Engineering at Meta
Engineering at Meta
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
A
About on SuperTechFans
D
Darknet – Hacking Tools, Hacker News & Cyber Security
The Cloudflare Blog
Know Your Adversary
Know Your Adversary
T
Threat Research - Cisco Blogs
Spread Privacy
Spread Privacy
D
DataBreaches.Net
T
The Exploit Database - CXSecurity.com
K
Kaspersky official blog
Cyberwarzone
Cyberwarzone
爱范儿
爱范儿
U
Unit 42
Security Latest
Security Latest
M
MIT News - Artificial intelligence
月光博客
月光博客
Scott Helme
Scott Helme
G
Google Developers Blog
有赞技术团队
有赞技术团队
T
Tor Project blog
宝玉的分享
宝玉的分享
Y
Y Combinator Blog
博客园 - Franky
H
Hackread – Cybersecurity News, Data Breaches, AI and More
aimingoo的专栏
aimingoo的专栏
The GitHub Blog
The GitHub Blog
V
V2EX
B
Blog
Apple Machine Learning Research
Apple Machine Learning Research
S
Securelist
博客园 - 三生石上(FineUI控件)
Blog — PlanetScale
Blog — PlanetScale
TaoSecurity Blog
TaoSecurity Blog
Stack Overflow Blog
Stack Overflow Blog
P
Proofpoint News Feed
腾讯CDC
D
Docker
Google Online Security Blog
Google Online Security Blog

Search Security Resources and Information from TechTarget

How to operationalize threat modeling with AI | TechTarget CISO First fully agentic ransomware attack sparks readiness concerns | TechTarget Evaluating secure enterprise browsers vs. security plugins | TechTarget The AI vulnerability storm is here: Is your security program ready? | TechTarget Perimeter to posture: A roadmap to zero trust maturity | TechTarget TLS certificate lifetime changes: What CISOs must do now | TechTarget The agentic AI 8 key aspects of a mobile device security audit program | TechTarget Why mobile security audits are important in the enterprise | TechTarget Beyond the perimeter: The shift to data-centric protection | TechTarget How agentic AI threat intelligence aids NGO cyber defense: Case study | TechTarget How to conduct a mobile app security audit | TechTarget NO FAKES Act advances: What CISOs need to know | TechTarget What CISOs should know about AI runtime security | TechTarget As Q-Day looms, 90% of systems are unprepared for PQC | TechTarget A CISO Most security pros say their culture is Zscaler lays out its vision to secure the AI era at Zenith Live | TechTarget Cloud security metrics and KPIs: A CISO Florida public sector training on SimSpace cyber range: Case study | TechTarget Reporters' Notebook — Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security It's time to update incident response for the AI era How to build AI security guardrails without blocking innovation The prosecution gap: Why cybercrimes go unpunished AI in cyberdefense: Learning from threat actors' playbooks Top identity and access management risks CISO role changes as cyber-risk appetites in the C-suite grow CISO's guide to data minimization Researchers build autonomous AI worm that can reason and adapt How to secure data at rest, in use and in motion How to find cyber-risk data sources for a FAIR analysis Lost in translation: Cybersecurity board reporting for CISOs How to prepare security controls for future AI regulations EO 14390 raises stakes for enterprise cybersecurity First month of Mythos Preview testing exposes 10K flaws OT attacks shift from recon to physical control, raising stakes For CISOs, dawn of OpenAI Daybreak brings good and bad news Gartner Security & Risk Management Summit 2026: Adapting for AI | TechTarget Inside business email compromise attacks: Real-world examples Verizon 2026 DBIR: 6 key takeaways for CISOs Identity security for AI agents: The proliferation challenge How to build a business impact analysis checklist Taking care of business: The CISO's role in a cyber crisis What CISOs need to know about AI audit logs SOC vs. MDR: What CISOs need to consider Instructure cyberattack reignites ransom payment debate Transform SIEM rules with behavior-based threat detection CISO's guide: How to test an incident response plan How to implement zero trust for AI Data after the breach: Economics of the dark web The breakup: Why CISOs are decoupling data from their SIEMs | TechTarget News brief: Security worries and warnings as AI use expands How to construct an effective security controls evaluation 5 leading enterprise password managers to consider Claude Mythos changes the AI security threat matrix Buyer 6 things to check in your cyber insurance policy fine print How cyber insurance helped with breach recovery -- or not News brief: Critical infrastructure, OT cybersecurity attacks Tape's strategic role in modern data protection Top zero-trust use cases in the enterprise What every CISO should consider before a SIEM migration CISO's guide to centralized vs. federated security models Shadow code: The hidden threat for enterprise IT How to fix cybersecurity's agentic AI identity crisis 5 top SIEM use cases in the enterprise Top 8 e-signature software providers for 2026 How do digital signatures work? News brief: AI woes continue for security leaders Deepfake era demands proof-based security, not just awareness Is SOAR dead or alive? Sort of The push for digital sovereignty: What CISOs need to know Beyond awareness: Human risk management metrics for CISOs Cybersecurity in the age of AI means bigger, faster threats At RSAC 2026, AI optimism and anxiety -- and an MIA U.S. government Inside the SOC that secured RSAC 2026 Conference How to roll out an enterprise passkey deployment How to improve the SOC analyst experience -- and why it matters How contact centers detect and prevent fraud News brief: Iranian cyberattacks target U.S. water, energy CISO checklist: Cybersecurity platform or marketing ploy? RSAC 2026 Conference: Key news and industry analysis | TechTarget Next-generation firewall buyer's guide for CISOs Contact center monitoring best practices for CX leaders RSAC 2026: Cyber insurance and the rise of ransomware Agentic AI's role in amplifying and creating insider risks RSAC 2026 recap: AI security and network security trends Identity security at RSAC 2026: The new enterprise dynamics Meaningful metrics demonstrate the value of cyber-resiliency What to know about red team testing and the law News brief: Iran cyberattacks escalate, U.S. targets named 5 top SOC-as-a-service providers and how to evaluate them Cloud security architecture: Enterprise cloud blueprint for CISOs Contact center compliance checklist for modern workforces How AI caught a malicious North Korean insider at Exabeam Watch your words: Tim Brown's advice for CISOs News brief: U.S. absence at RSAC sparks leadership concerns Network security management challenges and best practices 10 enterprise secure remote access best practices
The OpenClaw security risks every CISO needs to know | TechTarget
Matthew Smith · 2026-06-17 · via Search Security Resources and Information from TechTarget

The business case for OpenClaw is clear, but so are the security risks. Learn why a cybersecurity expert says deployments are putting enterprises in real danger.

Viral AI agent platform OpenClaw is spreading through enterprises like wildfire -- and bringing with it major cyber-risk.

OpenClaw, an open source, self-hosted AI personal assistant, burst onto the scene in late 2025. Created by Austrian developer Peter Steinberger, OpenClaw connects frontier large language models (LLMs) to messaging platforms such as WhatsApp, Telegram, Discord and iMessage, enabling users to interact with a powerful AI agent through the communication tools they already use every day.

OpenClaw's depth of access to local systems sets it apart from a typical chatbot. Because the agent runs on hardware you control, it can interact with your file system, execute shell commands, manage email, access calendars and browse the web. It can also integrate with thousands of third-party applications through the Model Context Protocol (MCP) and OpenClaw's community skills marketplace, ClawHub. In essence, OpenClaw transforms an LLM from a conversational tool into an autonomous agent capable of taking real-world actions on your behalf.

The platform's rise in popularity has been staggering. On January 27, 2026, Bitsight researchers observed 679 distinct, publicly exposed OpenClaw instances on the internet. By February 8, 2026, that number had climbed to 31,674. Adoption continues to accelerate today, and for enterprises, this rapid growth signals both an opportunity and a warning sign.

The business case for OpenClaw

OpenClaw represents a meaningful leap forward in AI-driven productivity. Employees can delegate time-consuming tasks -- e.g., triaging email, scheduling meetings, summarizing documents, running reports and interfacing with internal tools -- to an agent that operates autonomously and learns from context.

Because OpenClaw is self-hosted, organizations theoretically retain full control over their data, avoiding the compliance concerns that arise when sensitive information is routed through third-party cloud services.

The MCP integration layer means OpenClaw can plug into existing enterprise workflows through tools such as Zapier and Make, as well as direct API connections, providing governed access to thousands of business applications. For organizations looking to scale operational efficiency without scaling headcount, the appeal is obvious.

Security implications of OpenClaw

If a seasoned AI safety expert can lose control of an OpenClaw agent in minutes, the implications for less technically inclined enterprise users should give every CISO pause.

The same capabilities that make OpenClaw powerful also make it dangerous when deployed without proper safeguards.

A cautionary example comes from an unlikely source: Summer Yue, the director of alignment at Meta Superintelligence Lab, the company's AI research and development division. In early 2026, Yue reported on X that an OpenClaw agent deleted hundreds of emails from her primary inbox despite explicit instructions to wait for confirmation before acting.

"I couldn't stop it from my phone," Yue wrote. "I had to run to my Mac mini like I was defusing a bomb."

If a seasoned AI safety expert can lose control of an OpenClaw agent in minutes, the implications for less technically inclined enterprise users should give every CISO pause.

The incident underscores a fundamental challenge with autonomous AI agents: once given permission, they act according to their interpretation of instructions, not necessarily yours. The gap between intent and execution can be catastrophic, and the speed at which agents operate means damage can compound before anyone notices or can stop it.

Top OpenClaw security risks CISOs should know

The considerable security risks that OpenClaw use introduces to enterprises include the following.

Credential and data exposure

To function, OpenClaw's architecture inherently requires access to sensitive credentials -- e.g., API keys, email tokens and calendar permissions. Security researchers have found that many deployments store these credentials in plaintext configuration files, creating immediate opportunities for exploitation.

In January 2026, CVE-2026-25253 -- which has a CVSS rating of 8.8 -- demonstrated how attackers can craft malicious URLs that silently exfiltrate authentication tokens without prompting the user, leading to full gateway compromise. OpenClaw later released a patch.

Indirect prompt injection

Security researcher Simon Willison has described what he calls "the lethal trifecta," which occurs when an AI agent has the following:

  • Access to private data.
  • Exposure to untrusted content.
  • The ability to communicate externally.

According to Willison, an attacker can easily trick an AI agent that has all three of these features -- which OpenClaw does by design -- into accessing and sharing private data.

Indirect prompt injection, for example, hijacks the agent's behavior by embedding malicious instructions in content the agent processes, such as emails, webpages or documents. In other words, an attacker does not need to breach your network; they only need to place a carefully crafted prompt where an OpenClaw agent will encounter it.

Supply chain compromise

In February 2026, researchers at cybersecurity vendor Koi Security exposed a systemic weakness in OpenClaw's third-party skills marketplace, ClawHub, and uncovered a massive supply chain threat campaign they dubbed ClawHavoc.

Researchers initially identified 341 malicious skills on ClawHub, roughly 12% of the registry at the time, masquerading as legitimate productivity and cryptocurrency tools. These skills deployed infostealers, reverse shells and the Atomic macOS Stealer malware, exfiltrating browser credentials, keychains, SSH keys and crypto wallets. As researchers continued scanning ClawHub, the number of malicious skills they found more than doubled within 15 days.

At the time of ClawHavoc's discovery, according to David Kasabji, head of threat intelligence at digital infrastructure provider Conscia, publishing a skill to ClawHub required nothing more than a one-week-old GitHub account. There was no code review, no signing requirement and no automated analysis.

OpenClaw has since implemented security scanning of third-party skills, in partnership with VirusTotal.

Excessive API permissions and execution privileges

OpenClaw agents often accumulate permissions far beyond what any individual task requires. Because the agent operates with the user's full set of granted privileges, a compromised or misbehaving agent can read, modify and delete data across every connected service.

The governance-containment gap is real: While roughly 58% of organizations report monitoring their AI agents, according to the Cloud Security Alliance, only 37% report having the ability to actually stop an agent when something goes wrong. Least-privilege principles, which are foundational to enterprise security, are frequently ignored in agentic AI deployments simply because restricting permissions reduces the agent's utility.

What should CISOs do?

OpenClaw deployments pose enormous risks for enterprises, but unfortunately, shadow AI also makes them all but inevitable. The reality is that employees are already experimenting with such tools, whether or not your security team has sanctioned them.

Rather than banning these tools outright, forward-thinking CISOs should establish governance frameworks that do the following:

  • Address identity and access management for AI agents.
  • Enforce least-privilege policies.
  • Mandate human-in-the-loop approval for destructive actions.
  • Audit agent behavior and skill provenance.
  • Segment agent access to limit blast radius.
  • Invest in visibility.

The question is not whether your organization will encounter autonomous AI agents, but whether your security posture will be ready when it does.

Matthew Smith is a vCISO and management consultant specializing in cybersecurity risk management and AI.

Dig Deeper on Threats and vulnerabilities