The full attack chain involves a victim visiting a malicious website whose hidden script connects to the locally running OpenClaw gateway via WebSockets, brute-forces its password without rate limits, and silently registers as a trusted device due to implicit localhost trust. Once authenticated, the attacker gains full control of the AI agent and its accessible data and functions.
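As an added illustration of the defensive side of this chain (hypothetical code written for this page, not OpenClaw's own), the gate below refuses WebSocket handshakes that carry a browser Origin not on an allow-list, rate-limits password attempts per client, and gives loopback connections no implicit device trust; the password, allowed origin and client keys are constructed sample values.

```python
import hmac
import time
from collections import defaultdict


class GatewayAuthGate:
    """Hypothetical auth gate for a local agent gateway's WebSocket handshake.

    Closes the three gaps in the attack chain described above: browser pages
    from unknown origins are rejected, password guesses are rate limited per
    client, and a 127.0.0.1 connection is not treated as a trusted device."""

    def __init__(self, password, allowed_origins, max_failures=5,
                 window_seconds=60, clock=time.monotonic):
        self._password = password.encode()
        self._allowed_origins = set(allowed_origins)
        self._max_failures = max_failures
        self._window = window_seconds
        self._clock = clock                  # injectable for deterministic tests
        self._failures = defaultdict(list)   # client_key -> failure timestamps
        self.pending_devices = {}            # device_id -> client_key awaiting approval

    def origin_allowed(self, headers):
        # Browsers always send Origin on a WebSocket handshake; a local CLI does not.
        # A page from any origin not explicitly allowed never reaches the password check.
        origin = headers.get("Origin")
        return origin is None or origin in self._allowed_origins

    def authenticate(self, client_key, headers, password):
        if not self.origin_allowed(headers):
            return "rejected:origin"
        now = self._clock()
        recent = [t for t in self._failures[client_key] if now - t < self._window]
        self._failures[client_key] = recent
        if len(recent) >= self._max_failures:
            return "rejected:rate-limited"   # refused even if this guess is correct
        if hmac.compare_digest(password.encode(), self._password):
            recent.clear()
            return "ok"
        recent.append(now)
        return "rejected:bad-password"

    def register_device(self, client_key, device_id):
        # No implicit localhost trust: every new device waits for explicit approval.
        self.pending_devices[device_id] = client_key
        return "pending-approval"
```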
A larger blast radius
Unlike regular software vulnerabilities, compromised AI agents have a larger blast radius because they hold sensitive API keys, session tokens, file system access, and the authority to execute tasks across enterprise tools.
Barr emphasized that autonomous systems “aggregate identity, credentials, and workflow authority,” meaning a failure doesn’t occur quietly. Instead, the agent executes actions “with the full authority of the user, at machine speed and machine scale.” In developer environments, that could include modifying code repositories, accessing internal systems, or triggering automated processes.