{"data":{"id":"a7384a5d-9f1b-4a1f-847a-dbc3e62e4a1e","title":"New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets","summary":"Two research teams discovered that OpenClaw, a self-hosted AI agent, can be tricked into running attacker-controlled code or leaking secrets through two different attack methods. Imperva found that hidden instructions embedded in shared contacts, vCards, and location pins are flattened into the AI's input text without being marked as untrusted, allowing the agent to execute them invisibly to the user. Varonis demonstrated that the agent can also be manipulated by ordinary-looking phishing emails impersonating trusted colleagues, causing it to forward sensitive data like AWS keys without verifying the sender's identity.","solution":"Imperva's discovered flaw is patched in OpenClaw version 2026.4.23, which moves contact names, vCard fields, and location labels out of the prompt body and into a separate untrusted-metadata channel. For the phishing vulnerability that Varonis found, the source states this \"is not something a patch fixes; it comes down to limiting what the agent can do on its own.\"","labels":["security","safety"],"sourceUrl":"https://thehackernews.com/2026/06/new-attacks-trick-openclaw-ai-agent.html","publishedAt":"2026-06-11T17:46:32.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection","jailbreak"],"issueType":"news","affectedPackages":null,"affectedVendors":["OpenAI","Google"],"affectedVendorsRaw":["OpenClaw","Imperva","Varonis","Google Gemini","OpenAI Codex GPT-5.4"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-11T17:46:32.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}