GoKawiilPhishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise human users.
The OpenClaw open-source AI agent framework allows large language models (LLMs) to interact with real-world systems and perform actions autonomously. It can be used as an email agent for basic reasoning and operations.
Researchers at security firm Varonis created an OpenClaw agent and connected it to a Gmail inbox, browser tools, Google Workspace APIs, and fabricated internal company data sources, instructing it to monitor and process incoming emails.
The synthetic enterprise data included AWS credentials, database credentials, CRM exports, internal communications, and Calendar invites, all highly sensitive data.
The agent ran on two configurations: a generic one with standard productivity instructions, and a strict mode that included specific instructions for phishing awareness and identity verification procedures.
The framework was tested with two models, namely Google Gemini 3.1 Pro and OpenAI GPT-5.4.
“Varonis Threat Labs explored whether the same phishing techniques that have tricked humans for decades would also work on the AI agents working on their behalf,” reads the report.
“We created an OpenClaw AI agent named Pinchy to test whether the agent would pass or fail versions of classic phishing simulations.”
Simulated attack overview
Source: Varonis
... continue reading