OpenClaw Flaw: Hackers Hijack AI Agents, Steal Credentials

Hackers could exploit four vulnerabilities in OpenClaw, an open-source platform for autonomous AI agents, to hijack these systems. These flaws, collectively called "Claw Chain" by Cyera researchers, allowed attackers to steal credentials and plant backdoors. All versions of OpenClaw released before April 23 were affected. The most severe flaw, CVE-2026-44112, had a CVSS score of 9.6. It exploited a timing gap, letting attackers manipulate actions between safety checks and execution. This could redirect write operations outside the sandbox. The other three flaws completed the attack sequence. One exposed environment variables, another allowed privilege escalation, and the third mirrored the first flaw on the read side, exposing system files and internal credentials. Cyera states that by weaponizing the agent's privileges, an adversary can achieve data access, privilege escalation, and persistence. This makes detection harder because each step looks like normal agent behavior. Justin Fier of Darktrace notes that OpenClaw's architecture makes it an ideal vehicle for undetected movement within a network. If an attacker compromises an agent, they can operate with the same permissions the user granted. This highlights a significant new risk for AI agent security.