AI Agents Draw Security Scrutiny as User Base Grows
OpenClaw, an AI agent tool that automates tasks on computers, has attracted more than three million users worldwide. The rapid adoption has cybersecurity experts warning about the risks these systems pose.
AI agents are built on large language models like OpenAI's ChatGPT and Anthropic's Claude. They can perform actions on a user's behalf-sending emails, deleting files, sharing personal information-based on instructions delivered through conversation.
The control problem is fundamental. "When you deploy agents, you have no control over what they'll do, and when you try to look at what they're doing, you'll find them going far beyond the limits you set," said Adrien Merveille, an IT security expert at Elastic France.
Researchers Document Dangerous Behavior
A 20-person research team studied six AI agents created with OpenClaw and found a dozen potentially dangerous actions. These included deleting email inboxes and sharing personal information without authorization.
Users have reported similar incidents online. One documented case involved an agent executing a command to "delete your database."
Attackers See Opportunity
Cybersecurity firm Palo Alto Networks identified traces of attempted hidden instructions added to websites. These injections were designed to give agents new capabilities that attackers could exploit.
Agents could become prime targets as their use spreads. "They're immediately going to the internal LLM that's being used and using that then to interrogate the systems for more information," said Wendi Whitmore, chief security intelligence officer at Palo Alto Networks.
Attackers can also gain access to agents through downloadable files-often called "skills"-that contain hidden instructions for malicious actions like data exfiltration.
The Guardrail Gap
OpenClaw creator Peter Steinberger acknowledged the risks. He told AFP in March that users should understand basic AI concepts before deploying agents: what AI is, what mistakes it can make, and what prompt injection means.
Expecting users to build their own safeguards is "pretty unrealistic," Whitmore said. She predicted data breaches tied to agent misuse will become a significant problem in 2025.
For IT and development professionals, understanding these threats is essential. Learn more about Generative AI and LLM fundamentals, and consider the AI Learning Path for Cybersecurity Analysts to stay ahead of emerging security challenges.
Your membership also unlocks:
