Security researchers identify critical vulnerabilities in OpenClaw AI agent platform
Multiple security firms have discovered significant security flaws in the OpenClaw AI agent platform that can bypass enterprise security systems.

Security researchers have identified critical vulnerabilities in OpenClaw, an AI agent platform, that allow attackers to bypass enterprise security systems without triggering alerts. The flaws enable malicious actors to embed hidden instructions in routine tasks that can exfiltrate credentials and data through legitimate API calls.
Token Security found that 22% of its enterprise customers have employees running OpenClaw without IT approval, while Bitsight identified more than 30,000 publicly exposed instances within two weeks. A Snyk audit revealed that 36% of all ClawHub skills contain security flaws, raising concerns about the platform's security posture.
Researchers have identified three primary attack surfaces that current security tools cannot detect. The first involves runtime semantic exfiltration, where malicious behavior is encoded in meaning rather than binary patterns. The second is cross-agent context leakage, allowing prompt injections in one channel to affect decisions across entire agent chains. The third involves agent-to-agent trust chains with no mutual authentication, enabling compromised agents to inherit trust from other agents in workflows.
In response to these vulnerabilities, six independent security teams developed defense tools within 14 days. Solutions include ClawSec for continuous verification, IronClaw for WebAssembly sandboxing, and Carapace for OS-level subprocess sandboxing. VirusTotal integration now scans published ClawHub skills for malicious packages.
Jamieson O'Reilly, security adviser to the OpenClaw project, acknowledged the platform "wasn't designed from the ground up to be as secure as possible" and is working on a capabilities specification proposal that would require skills to declare explicit permissions before execution, similar to mobile app permission systems.
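As an added illustration (not OpenClaw's code, and not the actual capabilities specification under discussion) of the deny-by-default check such a proposal implies: each skill ships a manifest declaring what it may touch, and the runtime refuses and logs any tool call the manifest did not declare, including an otherwise legitimate HTTPS call to an undeclared host. The permission schema, tool names and sample manifest are assumptions.

```python
"""Capability-manifest enforcement sketch for an agent skill runtime.

Assumed design, not OpenClaw's actual specification: each skill declares
the permissions it needs up front, and the runtime denies every tool call
the manifest did not grant. Denials are recorded so a security team can
spot a skill probing for access it never declared.
"""
from dataclasses import dataclass, field
from fnmatch import fnmatch
from urllib.parse import urlparse


@dataclass
class SkillManifest:
    name: str
    # Hypothetical permission schema: hosts the skill may contact and
    # filesystem globs it may read; anything not listed is denied.
    network_hosts: list[str] = field(default_factory=list)
    read_paths: list[str] = field(default_factory=list)


AUDIT_LOG: list[str] = []  # one entry per denied call, for review/detection


def authorize(manifest: SkillManifest, tool: str, target: str) -> bool:
    """Return True only if the manifest explicitly grants this call."""
    if tool == "http_get":
        host = urlparse(target).hostname or ""
        allowed = any(fnmatch(host, pat) for pat in manifest.network_hosts)
    elif tool == "read_file":
        allowed = any(fnmatch(target, pat) for pat in manifest.read_paths)
    else:
        allowed = False  # no permission schema for this tool: deny
    if not allowed:
        AUDIT_LOG.append(f"DENY skill={manifest.name} tool={tool} target={target}")
    return allowed


# Constructed sample: a calendar-summary skill that declared only what it needs.
CALENDAR = SkillManifest(
    name="calendar-summary",
    network_hosts=["calendar.example.internal"],
    read_paths=["/home/user/calendar/*.ics"],
)
```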
Nvidia separately announced NemoClaw, an enterprise AI agent platform built on OpenClaw technology, positioning it as a potential solution to security concerns in enterprise environments.