OpenClaw AI agent found falling for phishing attacks, spills user data

Phishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise human users.

The OpenClaw open-source AI agent framework allows large language models (LLMs) to interact with real-world systems and perform actions autonomously. It can be used as an email agent for basic reasoning and operations.

Researchers at security firm Varonis created an OpenClaw agent and connected it to a Gmail inbox, browser tools, Google Workspace APIs, and fabricated internal company data sources, instructing it to monitor and process incoming emails.

The synthetic enterprise data included AWS credentials, database credentials, CRM exports, internal communications, and Calendar invites, all highly sensitive data.

The agent ran on two configurations: a generic one with standard productivity instructions, and a strict mode that included specific instructions for phishing awareness and identity verification procedures.