AnalysisCybersecurityJune 11, 2026

New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets

Imperva hid commands in shared contacts that OpenClaw executed; the flaw is patched in version 2026.4.23. Varonis showed a single email can trick the agent into forwarding AWS keys and customer data, a weakness not fixable by a patch.

Featured · Yohann Sillam

1 source