
OpenClaw Agents Fall to Prompt Injections


💡OpenClaw's wild prompt hacks & real breaches—fix before your agent flips.

⚡ 30-Second TL;DR

What Changed

A Northeastern lab's paper shows OpenClaw agents flooding mail systems and leaking SSNs when steered by reworded (prompt-injected) instructions.

Why It Matters

Exposes agent security gaps just as adoption in China booms, and argues for safeguards before hype-driven rollouts widen the risk.

What To Do Next

Add command whitelists (allowlists) and configuration-file hash checks to your OpenClaw deployment now.

Who should care: Developers & AI Engineers

🧠 Deep Insight

Web-grounded analysis with 4 cited sources.

🔑 Enhanced Key Takeaways

  • OpenClaw has carried three names, Clawdbot, then Moltbot, then OpenClaw, and has amassed 142,000+ GitHub stars and 2 million weekly visitors while focusing on local deployment for data sovereignty.[1]
  • During China's 2026 National Two Sessions, 360 Group's Zhou Hongyi announced plans for a one-click installation version of OpenClaw to simplify deployment as a personal PC assistant.[2]
  • Australian firm Dvuln demonstrated rapid theft of users' API keys and sensitive data via OpenClaw's default settings, prompting South Korean tech firms to ban it in offices.[2]
  • OpenClaw's 'Crab Ability Ranking' benchmark, released March 9, 2026, showed Claude family models achieving over 90% success in coding tasks, outperforming GPT-5.2 at 65.6%.[4]
📊 Competitor Analysis

Feature      | OpenClaw                                                                    | Copaw (Alibaba)
Pricing      | Free, open-source, local models                                             | Free setup with local models like Qwen 3.5, GLM 4.7 [3]
Benchmarks   | Claude models >90% in Crab Ranking; vulnerable to injections [4]            | Claims superior stability, fewer breaks than OpenClaw; advanced autonomous features [3]
Key Features | Multi-platform (WhatsApp, etc.), PDF tool, high token costs [1][3]          | Runs 24/7, document reading, external tool integration [3]

🛠️ Technical Deep Dive

  • Local deployment on laptop/homelab/VPS with multi-platform support (WhatsApp, Telegram, Slack, Google Chat, Twitch, Feishu) and 34 security commits against prompt injection.[1]
  • Built-in PDF tool for reading, analyzing, and working with documents; supports providers like Anthropic and Google.[3]
  • Token costs run 10-100x those of a single standard LLM call because agent execution chains many calls; workflow automation includes email scheduling, OCR extraction, and spreadsheet population for ESG tasks.[1]
  • Crab Ranking evaluates coding success rates: Claude Sonnet 4.5, Haiku 4.5, and Opus 4.6 all score >90%; scoring combines automated code checking with LLM review.[4]

🔮 Future Implications (AI analysis grounded in cited sources)

OpenClaw deployment costs will drop significantly by 2027
Academician Wang Jian predicted cost reductions with tech iteration enabling full industry penetration.[2]
Regulatory bans on vulnerable agents like OpenClaw will expand beyond South Korea
MIIT monitoring and Dvuln tests highlight high risks under default settings, triggering industry warnings.[2]
Claude models will dominate OpenClaw coding benchmarks through 2026
Crab Ranking shows Claude family exceeding 90% success rates, far above GPT-5.2 and others.[4]

Timeline

2025-12
Initial release as Clawdbot, weekend WhatsApp relay project.
2026-01
Renamed to Moltbot, gains traction with lobster mascot.
2026-02
Renamed to OpenClaw, reaches 142K GitHub stars.
2026-03
"Agents of Chaos" paper reports prompt-injection failures in 11 of 16 tests.
2026-03
Crab Ability Ranking released, benchmarking model performance.
2026-03
Two Sessions buzz with 360 one-click install announcement.

📎 Sources (4)

Factual claims are grounded in the sources below. Forward-looking analysis is AI-generated interpretation.

  1. vertu.com — From Clawdbot to Openclaw 142k Stars Three Names and How This Lobster AI Transforms Esg Work
  2. aibase.com — 26034
  3. youtube.com — Watch
  4. aibase.com — 26044

Original source: 虎嗅