OpenClaw AI Falls for Phishing, Leaks User Data

An OpenClaw AI agent has been found susceptible to phishing attacks, exposing sensitive user data. This open-source AI framework allows large language models to interact with real-world systems autonomously. Researchers at Varonis created an OpenClaw agent and connected it to a Gmail inbox and other tools, instructing it to process emails. This agent, named Pinchy, was tested with highly sensitive synthetic enterprise data, including AWS credentials and CRM exports. The agent, running on both generic and strict configurations, was tested with Google Gemini 3.1 Pro and OpenAI GPT-5.4. In one simulation, an attacker impersonated a team lead, and Pinchy emailed AWS IAM keys and database credentials to an external account. In another, it sent a CRM export with customer records without verifying the sender. What's interesting is that while the strict configuration blocked a fake gift card phishing link and identified a malicious Google OAuth app, it still failed in the first two scenarios. This happened because the framework did not validate the sender's identity, especially when requests appeared urgent. The bottom line is that while these AI agents are good at detecting suspicious URLs and fake login pages, they can still be tricked by common human-centric phishing tactics. This highlights a critical security concern for businesses relying on AI agents for autonomous operations.