OpenClaw can bypass your EDR, DLP and IAM without triggering a single alert
Security teams face a new challenge: attackers are embedding hidden instructions in forwarded emails to exploit vulnerabilities in OpenClaw agents. The agents follow these instructions unknowingly and forward credentials to external endpoints. Firewall logs show no anomalies, EDR records normal processes, and no signatures are triggered, so security teams remain unaware of the breach.
In response to this growing threat, six security teams have developed defense tools for OpenClaw in just 14 days. Despite these efforts, three major attack surfaces remain vulnerable. Token Security discovered that a significant number of enterprise customers have employees using OpenClaw without IT approval. There has also been a significant increase in publicly exposed OpenClaw instances, highlighting the urgent need for stronger security measures.
One of the key researchers involved in addressing these security gaps is Jamieson O’Reilly, who has been instrumental in pushing for fixes within the OpenClaw project. He has worked closely with founder Peter Steinberger to implement dual-layer malicious skill detection and is now advocating for a capabilities specification proposal to enhance security standards.
The three main vulnerabilities that persist in OpenClaw’s defense mechanisms are runtime semantic exfiltration, cross-agent context leakage, and agent-to-agent trust chains without mutual authentication. They allow attackers to carry out malicious activity undetected, posing a significant risk to organizations using OpenClaw.
To address these gaps, security teams have developed new defense tools and architectural rewrites. These focus on continuous verification, sandboxing untrusted tools, and stronger scan and audit capabilities for detecting malicious activity. O’Reilly’s proposal for a skills specification update aims to improve the proactive identification of security flaws in OpenClaw.
To mitigate the risks associated with OpenClaw, organizations are advised to inventory running instances thoroughly, mandate isolated execution, deploy security tools on every agent, require approval for sensitive actions, and map the remaining vulnerabilities against their risk register. These proactive measures strengthen defenses against potential threats.
In conclusion, the security landscape for OpenClaw agents is evolving rapidly, and organizations need to stay vigilant and implement robust security measures to protect against potential breaches. By addressing the key vulnerabilities and adopting best practices, organizations can effectively mitigate the risks of using OpenClaw agents.
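One way to implement the "require approval for sensitive actions" step against the forwarded-email scenario described above. This is an added example, not OpenClaw code or any vendor's tool; the action schema, the `untrusted_origin` flag and the domain names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: domains this agent may send data to (constructed value).
ALLOWED_DOMAINS = {"corp.example"}

# Illustrative credential shapes, not an exhaustive list.
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    re.compile(r"(?i)\b(password|passwd|api[_-]?key|secret|token)\b\s*[:=]\s*\S+"),
    re.compile(r"(?i)\bbearer\s+[a-z0-9._~+/-]{20,}"),
]

def dest_host(destination):
    """Extract the host from a URL or an email address."""
    if "://" in destination:
        return (urlparse(destination).hostname or "").lower()
    return destination.rsplit("@", 1)[-1].strip().lower()

def is_internal(host):
    """True only for an allowed domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)

def review_action(action):
    """Decide on a proposed outbound tool call before the agent runs it.

    action keys (hypothetical schema): 'destination', 'body',
    'untrusted_origin' (True when the task came from inbound content
    such as a forwarded email rather than from the operator).
    """
    reasons = []
    if not is_internal(dest_host(action["destination"])):
        reasons.append("external destination")
    if any(p.search(action["body"]) for p in SECRET_PATTERNS):
        reasons.append("credential-like content")
    if action.get("untrusted_origin"):
        reasons.append("instruction came from untrusted content")
    # Pattern matching misses re-encoded or paraphrased secrets, so the
    # destination and provenance checks stand on their own.
    if "external destination" in reasons and len(reasons) > 1:
        return "deny", reasons
    if reasons:
        return "needs_approval", reasons
    return "allow", reasons
```

Every decision other than `allow` should be logged with its reasons, since the article's point is that this activity produces no firewall, EDR or signature alert on its own.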



