惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
量子位
M
MIT News - Artificial intelligence
Y
Y Combinator Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Google DeepMind News
Google DeepMind News
Hugging Face - Blog
Hugging Face - Blog
博客园_首页
雷峰网
雷峰网
I
InfoQ
罗磊的独立博客
博客园 - 聂微东
酷 壳 – CoolShell
酷 壳 – CoolShell
大猫的无限游戏
大猫的无限游戏
D
Docker
H
Hackread – Cybersecurity News, Data Breaches, AI and More
腾讯CDC
博客园 - 三生石上(FineUI控件)
The GitHub Blog
The GitHub Blog
K
Kaspersky official blog
P
Privacy & Cybersecurity Law Blog
S
SegmentFault 最新的问题
T
Threat Research - Cisco Blogs
H
Help Net Security
小众软件
小众软件
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
C
CERT Recently Published Vulnerability Notes
WordPress大学
WordPress大学
T
Tenable Blog
T
The Blog of Author Tim Ferriss
C
Cisco Blogs
Simon Willison's Weblog
Simon Willison's Weblog
博客园 - Franky
A
Arctic Wolf
T
Threatpost
Scott Helme
Scott Helme
C
Cybersecurity and Infrastructure Security Agency CISA
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
The Exploit Database - CXSecurity.com
G
GRAHAM CLULEY
Security Latest
Security Latest
Spread Privacy
Spread Privacy
L
LINUX DO - 热门话题
V
Vulnerabilities – Threatpost
P
Privacy International News Feed
S
Schneier on Security
Latest news
Latest news
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
C
Cyber Attacks, Cyber Crime and Cyber Security
C
CXSECURITY Database RSS Feed - CXSecurity.com

Jamf Blog

Jamf Nation Live 2026 London and Berlin: AI Governance and DDM 5 Mac Security Gaps Hiding in Your Apple Fleet Classroom Management Tools and Student Learning Outcomes Mobile forensics, minutes not weeks Turn Security Signals into Action with Jamf and Amplifier Security Strengthen Jamf Zero Trust Network Access With Dedicated Internet Gateway Jamf AI Assistant Now Available: Smarter Apple Device Management and Security MacBook Neo: The New Enterprise Entry Point for Mac at Scale Boost Employee Productivity in the Enterprise with Jamf Platform Authentication and Declarative Device Management: The Future of Apple Management Automation for Small IT Teams: Save Time Managing Macs What a lower-cost MacBook Neo means for education Where Apple Meets the Enterprise: Jamf’s Interoperability Advantage for Secure, Automated Access Control Simplify access, secure your apps: why SSO matters for K-12 Inside Predator’s kernel engine RSA Conference 2026 recap: AI security, enterprise mobile security and the shift to connected security platforms ClickFix technique uses Script Editor instead of Terminal on macOS Why Mac configurations fall out of sync — and how to fix them G2 names Jamf in its 2026 Best Software Awards across three categories Empowering Mac users: How Jamf Self Service+ reduces tier one support overhead for enterprise IT teams Privacy by default, flexible when required: introducing limited privacy in Jamf Safe Internet From arrival to discharge: how iOS is reimagining the healthcare journey Federated Identity Management for K-12 Education Identity and access management in K-12 schools Get Started with Scripting Series: macOS Terminal, Scripting and Jamf Pro API Managing Apple devices at Black Hat Europe with Jamf Scaling device deployments without scaling your IT team How Predator spyware defeats iOS recording indicators Making Mac work in a PC world The hidden costs of manual device provisioning Threat Actors Expand Abuse of Microsoft Visual Studio Code Mac management and security for lean IT teams Automated certificate management and device security integration The hidden risks in your mobile apps “Mac in 2026: Secure by Design Meets the Enterprise” webinar Jamf named a Unified Endpoint Management leader…again! Jamf recognized as a Leader in 2026 Gartner® Magic Quadrant™ for Endpoint Management Tools Predator’s kill switch: undocumented anti-analysis techniques in iOS spyware 2026: what to expect in tech Retail runs on iOS: Let’s take a tour through Jamf’s booth at NRF 2026 From ClickFix to code signed: the quiet shift of MacSync Stealer malware Jamf After Dark: How WorkBrew solves Homebrew security and compliance for Mac developers Managing emerging technologies: A playbook for modern IT leaders How schools can maximize learning using Apple devices and Jamf Practical intelligence: why it matters for enterprise teams Jamf Connect Q&A Jamf After Dark October recap: platform progress, identity shifts and security insights Powering managed virtualization and Windows app delivery in Mac-first enterprises FlexibleFerret malware continues to strike Managing Jamf configuration with Terraform and GitOps workflows Back to security basics: phishing Introducing the Jamf 140 Course HIMSS 2026 recap Introducing Beacon by Jamf Threat Labs GhostClaw expands beyond npm: GitHub repositories and AI workflows deliver macOS infostealer Android and Jamf: manage and secure your mobile fleet Social engineering in K-12 for beginners Jamf Nation Live 2026: Hands-On Apple Expertise Across Six Cities Developer Mode-as-a-Defense: How iOS Security Features Deter Nation-State Spyware Stop chasing passwords: how school IT can reduce reset tickets Bring Your Own Key (BYOK): Take Control of Your Encryption in Jamf Cloud DarkSword iOS Exploit Kit: 3 Lessons for Mobile Security Threat Labs Jamf Training Celebrates 20 Years of Apple IT Education and Certification Balancing Safety and Learning: K-12 Content Filtering for IT Admins Why Mac security updates take too long and how to fix it Why the Jamf platform is the natural foundation for MSPs Jamf After Dark: mobile forensics Introducing the redesigned Mac threat prevention. Now available in beta.  Beyond access: rethinking the complete Apple deployment strategy for education Gain faster updates and real-time fleet visibility with DDM What the Canvas breach tells us about the state of education security Why K-12 students need web filtering that travels with their devices Jamf spotlighted in Okta Businesses at Work 2026 Report Jamf Nation Live 2026 recap MobiDash internals: ghost clicks and SSH tunnels in commercial adware Tech Partner Spotlight: Jamf + SmallStep MacBook Neo in K-12 Closing the gaps: How Jamf protects macOS and iOS with real-time threat prevention MSP engineering: The art of scoping in Jamf Pro at scale Mac in education is evolving. Jamf School makes it simple Why Apple devices deserve security built for them Seamless Learning Access: Simplicity that puts learning first Reducing IT firefighting: Fewer failed updates, less manual cleanup Apple WWDC26: Keynote recap How Jamf helps maximize your Microsoft investments MTE as a microscope WWDC26: Key takeaways for education institutions WWDC26: Key takeaways for Apple admins The JNUC 2026 session catalog is live — and the clock is ticking Jamf After Dark: Why we moved 1,900+ Apple devices back to Jamf AI governance for Mac: bringing AI under management AI Adoption Is High, Governance Is Lagging Klue Third-Party Cybersecurity Incident How Identity Automation, Claris, and Jamf Simplify Apple Workflows for Education What Is AI Governance? How Proactive Device Status Reporting Transforms Mac Fleet Visibility AI Governance on Mac: A Practical Guide for IT and Security Teams Restaurants Run on iOS: Jamf and IPORT at the NRA Show AI Governance on Mac: A Practical Guide for IT and Security Teams PamStealer: macOS Malware Posing as Clipboard Manager App
OpenClaw: the helpful AI that could quietly become your biggest insider threat
Jamf Threat Labs · 2026-04-11 · via Jamf Blog

By: Elad Shapira, Allen Golbig, Nir Avraham, Yuan Shen, Matteo Bolognini

What is OpenClaw (the “thinking” runtime)?

OpenClaw represents the shift from software as a passive tool to software as an active teammate. An autonomous system that doesn’t wait for clicks, but reasons, decides and acts on its own. It is an open-source framework for building autonomous AI agents, best understood as an automation engine with a “brain” attached, capable of chaining actions across tools, maintaining long-term memory and evolving its capabilities over time.

Give it a high-level goal, for example, “research the latest earnings reports, summarize them and draft an email to the board,” and it doesn’t stop at a single search. It decides what data to pull, which APIs to call, which files to read or write, and how to format the output.

It runs natively on macOS, Windows and Linux, often as a background service. It integrates directly with messaging platforms, corporate email, calendars, cloud consoles and local files. It remembers context across sessions and can pick up where it left off hours or days later.

How can OpenClaw be dangerous?

While it offers powerful automation and productivity boosting capabilities, several security concerns make it particularly dangerous without careful attention to security:

Key risks:

  • Unrestricted system access: OpenClaw agents can execute shell commands, access files and interact with applications without built-in security boundaries.
  • Lateral movement potential: Once deployed, agents can potentially access network resources and spread across systems.
  • Data exfiltration: AI agents have broad access to information they process, creating data loss risks.
  • Lack of audit trails: Many deployments lack comprehensive logging of agent actions.
  • Shadow IT deployments: Users may install OpenClaw without IT approval or security review.

Where agentic risk turns real

In OpenClaw deployments, risk rarely comes from a software bug or malicious intent. More often, it emerges from powerful features operating without clear boundaries. Recent GitHub security advisories illustrate how quickly an autonomous agent can shift from a helpful assistant to a high-risk insider.

Several advisories have demonstrated that once an attacker gains access to agent credentials or control interfaces, the blast radius is significant. Token exfiltration issues (for example, GHSA-g8p2-7wf7-98mq, CVE-2026-25253) exposed paths where a single stolen gateway token enabled remote connections, configuration changes and arbitrary command execution. In parallel, local file inclusion flaws (such as GHSA-r8g4-86fx-92mq) allowed agents to read sensitive files simply by emitting specially crafted paths, bypassing traditional filesystem controls. Other advisories (including GHSA-q284-4pvr-m585, GHSA-g55j-c2v4-pjcg) showed how command injection could be achieved through unescaped user input, unsafe WebSocket configuration writes or SSH handling, resulting in execution with minimal interaction.

What ties many of these issues together is how agents consume and act on input. OpenClaw agents routinely ingest emails, documents, web pages, chat messages and third-party skills as part of their normal operation. This creates fertile ground for indirect prompt injection, where malicious instructions are embedded inside otherwise legitimate content.

Because these instructions arrive through normal business inputs, the resulting actions often look indistinguishable from legitimate automation. The agent is not exploited in the traditional sense — it is instructed. Files are accessed using valid permissions, credentials are handled through authorized APIs and outbound communication follows expected workflows.

This risk is amplified by the surrounding ecosystem. Public skill repositories have already shown how malicious extensions can masquerade as legitimate functionality, permanently altering agent behavior once installed.

At the same time, many real-world deployments store API keys, OAuth tokens, and conversation history in accessible locations or expose control interfaces without strong authentication, making post-compromise persistence easy to maintain.

Taken together, these are not theoretical concerns. They demonstrate how an over-privileged, insufficiently governed agent on a trusted, mission-critical endpoint device can become a persistent and trusted execution layer — one that attackers can steer indirectly through content, configuration or supply-chain manipulation rather than traditional exploits.

Detection and visibility of OpenClaw deployments

Focusing on these paths in macOS can help with discovering OpenClaw in your organization:

  • ~/.openclaw
  • ~/Library/LaunchAgents/ai.openclaw.gateway.plist
  • /Applications/OpenClaw.app (optional macOS companion application)

Detection methods:

  1. Process monitoring: Detecting the installation/onboarding commands for OpenClaw and associated commands for installing skills from Clawhub.
  2. Network traffic analysis: Blocking domains associated with OpenClaw and monitor API calls to LLM providers (OpenAI, Anthropic, etc.)
  3. File system scanning: Monitor OpenClaw installation directories, configuration files, and persistence items.
  4. API key detection: Scan for AI service API keys in environment variables or config files

Configure Jamf for Mac for prevention, detection and remediation

If aligned to your corporate policy and risk reduction strategy, Jamf for Mac supports comprehensive protection against unauthorized AI agent deployments in macOS.

Jamf-based protection strategy:

1. Prevention

Domains included (at the time of writing):

  • clawhub.ai
  • openclaw.ai
  • open-claw.me
  • molt.bot
  • openclaw.bot
  • Self Service: Use a Policy to refer to documentation about risks of OpenClaw usage

  • Documentation: Ensure corporate security policies include verbiage around AI-agents

  • Ensure that alternative AI tools (if any) are easily accessible and referenced in both Self Service and internal policies.

Jamf Protect’s Advanced Threat Controls (ATC) help prevent the execution of known malicious commands used to install malicious skills.

2. Detection

Jamf Pro

Jamf Protect

  • Custom analytics: Behavioral detections (non-blocking) of specific OpenClaw usage

  • Telemetry: Telemetry provides visibility into OpenClaw installation and usage on macOS devices, enabling security operators to detect OpenClaw activity within their SIEM.

3. Response

Best practices for AI agent governance

  1. Establish clear policies: define acceptable AI agent use cases
  2. Require approval workflows: internal review before AI agent deployment
  3. Implement monitoring: continuous visibility into AI agent activities
  4. Security training: educate users about AI agent risks
  5. Vendor evaluation: assess commercial alternatives with built-in security
  6. Incident response plans: prepare for AI agent-related security incidents

Conclusion

OpenClaw and similar AI agent frameworks represent powerful automation tools, but they introduce significant security risks when deployed without proper controls. Organizations must balance innovation with security by implementing comprehensive detection, remediation and prevention strategies. Using MDM solutions like Jamf provides the visibility and control necessary to manage AI agents safely in enterprise environments.

The key is not to ban AI agents entirely, but to ensure they are deployed in a controlled, monitored and secure manner that protects organizational data and systems.