OpenClaw AI Agent Found Falling for Phishing Attacks, Spills User Data

OpenClaw AI agent found falling for phishing attacks, spills user data

Phishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise human users. [...]

OpenClaw AI Agent is Vulnerable to Phishing Attacks

OpenClaw AI Agent is Vulnerable to Phishing Attacks Open-source AI framework, OpenClaw, is highly vulnerable to classic phishing attacks. Tested using Google Gemini 3.1 Pro and OpenAI GPT-5.4, the agent successfully detected malicious links and OAuth apps. However, it failed to verify sender identities under urgent pretexts, mistakenly leaking sensitive corporate data like AWS keys and CRM records. Security experts recommend enforcing strict ide…

OpenClaw AI Agent Leaks Credentials in Phishing Simulation

Autonomous email agents can become high‑impact phishing victims, leaking cloud credentials and sensitive business data even when wrapped in explicit safety instructions. In a controlled lab deployment on the OpenClaw agent platform, an AI agent dubbed “Pinchy” failed multiple classic phishing simulations, including one in which it forwarded AWS IAM keys, database passwords, and SSH […] The post OpenClaw AI Agent Leaks Credentials in Phishing Sim…

Autonomous AI agents duped into leaking sensitive data in phishing test

AI agents given access to corporate email and business applications could become a new phishing target for attackers, according to cybersecurity researchers, after a test agent built on OpenClaw was tricked into sharing cloud credentials and customer data with an external attacker. Varonis Threat Labs said it built an OpenClaw AI agent called Pinchy to test whether autonomous agents could fall for the same kinds of phishing attacks that have lon…