Artificial intelligence (AI) “agents” say they can save users time and energy by automating tasks, but the growing power of systems such as OpenClaw is putting cybersecurity experts on edge.
Powered by a wave of hype, OpenClaw today says it has more than three million users worldwide.
The system allows users to create so-called agents, tools based on a large language model (LLM) such as OpenAI’s ChatGPT or Anthropic PBC’s Claude, that can carry out online tasks.
Photo: AFP
“We’ve moved from an AI you could talk with via a chatbot to an agentic AI, which can take action... the threat and the risks are definitely much greater,” said Yazid Akadiri, principal solutions architect at IT security company Elastic France.
In an article titled “Agents of Chaos” which has yet to be peer-reviewed, a 20-strong team of researchers studied the behavior of six AI agents created with OpenClaw.
They spotted a dozen potentially dangerous actions executed by the systems, from deleting an email inbox to sharing personal information.
Many users have posted similar stories of OpenClaw mishaps online.
“When you deploy agents, you have no control over what they’ll do and when you try to look at what they’re doing, you’ll find them going far beyond the limits you set,” Check Point Software Technologies Ltd expert Adrien Merveille said.
The security gaps are not limited to the agents’ own mistaken actions.
To carry out useful work, the tools need access to personal accounts for email, calendars or search engines — drawing the attention of cyberattackers.
AI agents are likely to become top targets for hackers as their use spreads, Palo Alto Networks Inc chief security intelligence officer Wendi Whitmore said.
“As soon as [attackers] are inside an environment, [they are] immediately going to the internal LLM [agent] that’s being used and using that then to interrogate the systems for more information.”
Palo Alto’s Unit 42 research division said last month that it had found traces of attempted attacks in the form of hidden instructions for agents added to Web sites.
One such command ordered any agent who might read it to “delete your database.”
Other cybersecurity firms and researchers have warned that attackers could gain access to agents via so-called skills — downloadable files that users can add to their systems to give them new abilities.
Among such files freely available for download, some include hidden instructions for malicious actions such as exfiltrating data.
OpenClaw creator Peter Steinberger says he is well aware of the risks.
“I purposefully didn’t make it simpler so people would stop and read and understand: what is AI, that AI can make mistakes, what is prompt injection — some basics that you really should understand when you use that technology,” he told AFP last month.
Whitmore argued that expecting users to create their own guardrails for agents is “pretty unrealistic.”
“People are going to adopt innovation and really see what it’s capable of before they ask the questions about, ‘how do I secure my own data?’” she predicted.
“That’s going to cause some significant challenges in terms of data breaches in 2026.”
Elon Musk’s lieutenants have reached out to chip industry suppliers, including Applied Materials Inc, Tokyo Electron Ltd and Lam Research Corp, for his envisioned Terafab, early steps in an audacious and likely arduous attempt to break into the production of cutting-edge chips. Staff working for the joint venture between Tesla Inc and Space Exploration Technologies Corp (SpaceX) have sought price quotes and delivery times for an array of chipmaking gear, people familiar with the matter said. In past weeks, they’ve contacted makers of photomasks, substrates, etchers, depositors, cleaning devices, testers and other tools, according to the people, who asked not to
NO SHORTCUTS: Asked about Elon Musk’s Terafab initiative, TSMC CEO C.C. Wei said it takes two to three years to build a fab and another one to two to ramp it up Taiwan Semiconductor Manufacturing Co (TSMC, 台積電) yesterday raised its revenue growth forecast for this year to above 30 percent, up from the 25 percent it estimated three months earlier, citing extremely robust artificial intelligence (AI)-related chip demand. “Our customers and customers’ customers, who are mainly cloud service providers, continue to send us very positive signals and outlook,” TSMC chairman and CEO C.C. Wei (魏哲家) said at an earnings conference. The company also hiked its capital expenditure for this year toward the higher end of its forecast, or US$56 billion, as it aims to step up advanced chip capacity expansions, such as
The founder of Chinese property giant Evergrande Group (恆大集團) has pleaded guilty to charges of fraud and bribery, a court said yesterday, the latest blow for what was once the country’s leading developer. Evergrande’s rise was propelled by decades of rapid urbanization and rising living standards, but in 2020, its access to credit dramatically narrowed when the government introduced curbs on excessive borrowing and speculation. The company defaulted in 2021 after struggling to repay creditors. Founder Xu Jiayin (許家印), 67, known as Hui Ka Yan in Cantonese, was reportedly held by police in 2023, with Evergrande saying he had been subjected to
Taiwan is attracting a growing number of foreign jobseekers as companies increasingly recruit overseas talent to ease labor shortages and expand global reach, recruitment platform 104 Job Bank (104人力銀行) said yesterday. More than 40,000 foreign nationals searched for jobs in Taiwan through the platform last year, a 28 percent increase from a year earlier, the company said. Malaysians accounted for the largest share of overseas jobseekers at 12.2 percent, followed by Indonesians at 11.9 percent and Vietnamese at 10.8 percent. Indonesian applicants surged more than 50 percent year-on-year, while Vietnamese jobseekers rose by more than 30 percent. Applicants from the
RSS