Key Findings

• AI-based assistants ("agents") are growing in popularity, with the new OpenClaw AI assistant seeing rapid adoption

• OpenClaw and other AI assistants can automate virtually any task, accessing the user's computer, files, online services, and integrations

• Poorly secured AI assistants pose significant risks to organizations, with examples of AI agents accidentally deleting data or being exposed to the internet

• Attacking misconfigured AI agent web interfaces can allow attackers to impersonate the operator, access conversation history, and manipulate information

• Securing AI agents is critical to prevent "prompt injection" attacks, where machines socially engineer other machines

Background

AI-based assistants, or "agents," are autonomous programs designed to take actions on behalf of users without constant prompting. These powerful tools can access a user's entire digital life, managing inboxes, calendars, executing programs, browsing the internet, and integrating with various communication platforms. The new OpenClaw AI assistant has seen rapid adoption since its release in 2025, touted for its ability to automate tasks and streamline workflows.

Risks of Unsecured AI Assistants

However, the convenience of these AI agents comes with significant security risks. Recent incidents, such as Meta's director of AI safety having her OpenClaw installation accidentally delete her entire inbox, have highlighted the potential for these tools to cause unintended damage. Penetration testers have also discovered that many users are exposing the web-based administrative interfaces for their AI assistants to the internet, allowing attackers to read configuration files and impersonate the operator. This can enable data theft, message manipulation, and other malicious activities.

Supply Chain Attacks through AI Repositories

Another concern is the potential for supply chain attacks targeting the AI assistant ecosystem. Repositories like ClawHub, which provide downloadable "skills" to extend OpenClaw's functionality, can be abused to inject malicious code into the AI agent's workflow. These attacks can be difficult to detect, as the attacker can manipulate the information displayed to the user.

Mitigating AI Agent Security Risks

Securing AI agents is critical to prevent "prompt injection" attacks, where natural language instructions are used to trick the system into bypassing its own security measures. Careful isolation and control over who and what can interact with the AI assistant is essential to maintaining security.

Sources

• https://krebsonsecurity.com/2026/03/how-ai-assistants-are-moving-the-security-goalposts/

• https://www.linkedin.com/posts/the-cyber-security-hub_how-ai-assistants-are-moving-the-security-activity-7436556659944230912-Gqit