OpenClaw: The Wild West of AI Agents Is Here, And Security Experts Are Worried

OpenClaw: The Wild West of AI Agents Is Here, And Security Experts Are Worried

Security experts are uneasy about OpenClaw, the open-source AI agent that's pushing autonomy to the extreme. Developed by Peter Steinberger and originally known as ClawdBot, OpenClaw takes the chatbots we know and gives them the tools to interact directly with your computer—and others across the internet.

The result? A tool that can send emails, read messages, order concert tickets, and make restaurant reservations autonomously. But the same power that makes it exciting also makes it dangerous.

The 'No Rules' Problem

"The only rule is that it has no rules," said Ben Seri, cofounder and CTO at Zafran Security. "That's part of the game. But that game can turn into a security nightmare, since rules and boundaries are at the heart of keeping hackers and leaks at bay."

Unlike traditional apps that ask for permission at each step, OpenClaw decides on its own when to use its skills—and how to chain them together. A small permission mistake can quickly snowball into something serious.

"Imagine using it to access the reservation page for a restaurant and it also having access to your calendar with all sorts of personal information," explained Colin Shea-Blymyer, a research fellow at Georgetown's Center for Security and Emerging Technology. "Or what if it's malware and it finds the wrong page and installs a virus?"

The Prompt Injection Threat

One of the most serious concerns is prompt injection attacks. This is where someone includes malicious instructions for the AI agent in data that it might use—like a webpage, email, or file.

Since OpenClaw can browse the web and execute commands, a carefully crafted prompt injection could potentially instruct it to do things its user never intended: exfiltrate data, send messages to contacts, or make unauthorized purchases.

What This Means for the Industry

Despite the risks, enterprise companies will likely be slower to adopt such systems. "We will learn a lot about the ecosystem before anybody tries it at an enterprise level," said Shea-Blymyer.

For now, security experts recommend treating OpenClaw like a chemistry lab with highly explosive materials—experiment carefully, if at all.

The Bigger Picture

OpenClaw represents a fundamental tension in AI agent design: the more access you give them, the more useful they become—but also the more dangerous. As AI agents move from experimentation to execution, the industry is grappling with how to balance capability with safety.

Whether you're a hobbyist or an enterprise decision-maker, the OpenClaw situation serves as a reminder: the autonomous AI future is arriving fast, and we're still figuring out the safety rails.

Sources:

• •Fortune: Why OpenClaw, the open-source AI agent, has security experts on edge
• •Georgetown CSET: CyberAI Project