OpenClaw agents, which are personal AI assistants designed to take over entire computers to carry out complex, multistep tasks, have blown up this year.
The free and open-source agents quickly amassed a loyal following, allowing users to give AI control over their email inboxes, messaging platforms, and even crypto holdings.
Despite the widespread enthusiasm, the tech comes with some enormous and hard-to-overlook security concerns. In a yet-to-be-peer-reviewed paper simply titled “Agents of Chaos,” an international team of researchers from Harvard, MIT and beyond red-teamed the open-source software in a series of experiments, meaning they simulated adversarial attacks to test its security measures.
For their study, they gave OpenClaw agents a litany of simulated personal data, access to a Discord server for communication, and various applications inside a virtual machine sandbox. The results paint a worrying picture of the security implications of having AI agents run wild, well outside the confines of a browser window.
Specifically, they found that the agents complied with demands from “non-owners” with spoofed identities, leaked sensitive information, executed “destructive system-level actions,” passed on “unsafe practices” to other agents, and even took over the entire system under specific conditions.
The AI agents even went as far as to gaslight their human overlords.
“In several cases, agents reported task completion while the underlying system state contradicted those reports,” the researchers wrote.
“These behaviors raise unresolved questions regarding accountability, delegated authority, and responsibility for downstream harms, and warrant urgent attention from legal scholars, policymakers, and researchers across disciplines,” they concluded in their paper.
The situation devolved into chaos astonishingly quickly. As coauthor and Northeastern University researcher Natalie Shapira told Wired, she asked an AI agent to delete a specific email to keep information within it confidential. It said it was unable to do so and resorted to disabling the entire email application after being pushed to find an alternative.