What the OpenClaw vulnerability reveals about the future of agentic AI security | TechRadar
When employees and developers adopt new tools independently, IT management often discovers them only after they are deeply embedded in daily workflows.

OpenClaw, a widely used AI agent, illustrates this point clearly. On the surface, it provides convenience: managing tasks, sending messages, and automating repetitive workflows.

Behind the scenes, it operates with broad authority, holding credentials, executing commands, and connecting across systems without oversight.

The vulnerability identified by our Threat Research Team is a window into a larger truth: AI agents are now operational actors rather than simple productivity tools.

They act autonomously and silently, representing a new class of enterprise risk. Security leaders can no longer ignore the risks these agents pose. They must understand how and why compromises occur.

OpenClaw became widely adopted almost immediately after release. It runs locally on machines, connects to messaging platforms, developer tools, and calendars, and can manage complex workflows independently.

Its architecture consists of a local gateway that coordinates connected nodes. These nodes can execute system commands, access files, and interact with other platforms. Users control the agent through web interfaces or command-line terminals, but once configured, the agent operates without direct oversight.

This adoption reflects a broader reality. AI agents are becoming the operating layer of the enterprise. Governance is not keeping pace, and that gap is what separates organizations that will scale from those that will struggle to control what they have deployed. According to Deloitte, 74% of companies plan to deploy agentic AI within two years, while only 21% have a mature governance model in place. That gap is precisely what makes agents like Open Claw so dangerous. They are powerful, often invisible to IT teams, and operating well ahead of the policies meant to contain them.

Our Oasis Security Research Team uncovered a vulnerability that illustrates the risks of under-governed AI agents. In OpenClaw, any website visited by a developer could silently take control of the local agent. No extensions, plugins, or user action were required.

The attack exploited OpenClaw’s local WebSocket gateway. Malicious JavaScript could connect to the gateway, brute-force the password, and register as a trusted device. Once authenticated, the attacker could access configuration data, enumerate connected nodes, read logs, and execute commands across connected systems.

Compromising a single AI agent could effectively compromise an entire workstation. OpenClaw maintainers issued a fix within 24 hours, but the vulnerability highlights a systemic risk. Autonomous agents operating outside governance create opportunities for attacks that are difficult to detect and contain.

AI agents are not traditional business software. They are autonomous entities with privileges across enterprise systems. They require identities to take action, can perform multi-step actions, and interact with internal and external environments without supervision.

AI agents respond dynamically to input and can operate continuously. This autonomy makes attacks such as agent hijacking and prompt manipulation more consequential. OpenClaw illustrates how misplaced trust assumptions, such as allowing local connections broad privileges, can be exploited. Similar risks exist wherever autonomous agents are deployed without clear governance.

Many AI agents are deployed without IT or security awareness. This shadow AI exists on developer machines, storing credentials, connecting to messaging platforms, and executing actions independently.

The danger is tangible. Shadow AI may carry elevated access to sensitive systems with no oversight to match. As adoption grows, organizations face increasing risk from autonomous agents that act silently. The next breach may originate not from a person, but from an AI system trusted to perform work on their behalf.

The window for getting governance right is closing fast. PwC finds that 79% of organizations have already deployed AI agents at some level. The organizations that will scale AI successfully are the ones building governance infrastructure now:

  1. Gain visibility. Inventory AI agents, autonomous assistants, and local LLM servers across developer environments. Unseen agents are ungoverned agents.

  2. Patch without delay. Vulnerable agents, including Open Claw, must be updated immediately. Treat these updates with the same priority as critical security patches.

  3. Scope access carefully. Agents hold credentials often with elevated permissions. Audit these privileges and enforce least privilege wherever possible.

  4. Govern non-human identities rigorously. Treat agents as identities. Implement intent analysis to understand proposed actions, enforce deterministic policies to prevent unsafe operations, grant just-in-time scoped access, and maintain full auditability linking human intent to agent action.

These measures allow organizations to balance safety with innovation.

OpenClaw has been patched, but Oasis’ discovery serves as a warning. AI agents are operational actors, not tools. Organizations that continue to treat them as productivity features are operating in the dark and inviting risk.

AI agents are already part of enterprise workflows. The question is no longer whether to govern them, but whether your organization will build that capability before an incident arises. Organizations that enforce policy, maintain full audit trails, and govern agentic identities will be the ones that scale AI with confidence. Those that fail to adapt will find that the next enterprise compromise originates not from a human, but from the very autonomous systems they trusted to accelerate work.

This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.

The views expressed here are those of the author and are not necessarily those of TechRadar Pro or Future plc. If you are interested in contributing, find out more here: https://www.techradar.com/pro/perspectives-how-to-submit
