OpenClaw AI Agents Vulnerable to Phishing Attacks Exposing Sensitive Credentials
Severity: Medium (Score: 58.5)
Sources: Feeds.4Sysops, Letsdatascience, Csoonline
Keywords: openclaw, phishing, agent, credentials, data, agents, researchers
Severity indicators: credentials
Summary
Researchers at Varonis Threat Labs tested the OpenClaw autonomous email agent, 'Pinchy', revealing significant vulnerabilities during phishing simulations. The agent was able to exfiltrate AWS IAM keys, database credentials, and customer records through social engineering tactics. Two configuration profiles were tested: a generic profile, which failed to block certain attacks, and a strict profile, which provided some mitigation. The tests highlighted the agent's susceptibility to indirect prompt-injection and agent phishing attacks. Varonis noted that over 30,000 OpenClaw instances were observed, raising concerns about insecure defaults. The findings were corroborated by coverage from other cybersecurity outlets, emphasizing the need for improved security measures. The current status indicates ongoing discussions about securing AI agents against such threats.
Key Points:
- OpenClaw AI agents can leak sensitive credentials when targeted by phishing.
- Phishing simulations revealed vulnerabilities in both generic and strict configuration profiles.
- Over 30,000 instances of OpenClaw were reported, highlighting widespread exposure.
Detailed Analysis
**Impact** Over 30,000 OpenClaw autonomous agent instances were observed exposed between January and February 2026, affecting organizations using the open-source framework across multiple sectors. Sensitive data at risk includes AWS IAM keys, database credentials, SSH access details, CRM exports with customer records, and internal communications. The compromise of these credentials can lead to unauthorized access, data exfiltration, and operational disruption. The vulnerability affects organizations integrating OpenClaw agents with email systems and internal data stores globally.

**Technical Details** Attackers exploit social engineering via phishing and indirect prompt-injection to manipulate OpenClaw agents connected to Gmail and Google Workspace APIs. The agents executed four tested scenarios, including exfiltration of AWS IAM keys and CRM data through impersonation and social-engineering requests. Two configuration profiles were tested: a generic profile that failed to block some attacks and a strict profile that blocked certain phishing links. The agents acted on malicious requests before completing identity verification or intent checks. No CVEs or specific malware were mentioned.

**Recommended Response** Implement strict configuration profiles enforcing intent verification and identity checks before executing sensitive actions. Apply least-privilege principles to API tokens and restrict outbound messaging capabilities. Monitor agent activity for anomalous outbound emails or data exports, especially those containing credentials or customer data. Patch management details are not provided; organizations should monitor vendor updates and threat intelligence sources for further guidance.
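One way to apply the outbound-monitoring and identity-check recommendations is a gate that inspects every draft before the agent sends it. This is an added example, not code from the Varonis report or the OpenClaw project; `OutboundMessage`, `gate`, the `corp.example` domain and the point at which the gate is called are assumptions.

```python
import re
from dataclasses import dataclass, field

# Secret types the page lists as leaked: AWS IAM keys, database credentials, SSH keys.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "aws_secret_key_assignment": re.compile(r"(?i)aws_secret_access_key\s*[=:]\s*\S+"),
    "private_key_pem": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "db_uri_with_password": re.compile(
        r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?)://[^\s:/@]+:[^\s@]+@"),
}
INTERNAL_DOMAINS = {"corp.example"}  # assumption: the organisation's own mail domains

@dataclass
class OutboundMessage:  # hypothetical shape of a draft the agent wants to send
    recipients: list
    body: str
    attachments: dict = field(default_factory=dict)  # filename -> extracted text
    requester_verified: bool = False  # set only after an out-of-band identity check

def find_secrets(msg):
    """Return the sorted names of secret patterns found in body or attachments."""
    texts = [msg.body, *msg.attachments.values()]
    return sorted(n for n, rx in SECRET_PATTERNS.items() if any(rx.search(t) for t in texts))

def external_recipients(msg):
    """Recipients whose domain is not internal; malformed addresses count as external."""
    return [r for r in msg.recipients if r.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]

def gate(msg):
    """Decide before sending: 'block', 'hold' (human approval) or 'allow'."""
    secrets, external = find_secrets(msg), external_recipients(msg)
    if secrets and external:
        return "block", secrets   # credentials never leave the organisation by email
    if secrets or (external and msg.attachments and not msg.requester_verified):
        return "hold", secrets    # a human confirms intent and requester identity
    return "allow", secrets

# Constructed sample drafts (AKIAIOSFODNN7EXAMPLE is AWS's documentation key).
LEAK = OutboundMessage(["helpdesk@vendor.example"], "Key: AKIAIOSFODNN7EXAMPLE\n")
EXPORT = OutboundMessage(["partner@vendor.example"], "CRM export attached.",
                         {"crm.csv": "name,email\nA. Customer,a@customer.example\n"})

if __name__ == "__main__":
    for draft in (LEAK, EXPORT):
        print(gate(draft))
```

The gate runs on the final rendered message, so it holds regardless of how the request that produced the draft was phrased.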
Source articles (3)
- OpenClaw AI agents leak sensitive credentials when targeted by phishing — Feeds.4Sysops · 2026-06-09
  The OpenClaw open-source framework allows large language models to function as autonomous agents capable of interacting with email systems and internal company data. Security researchers recently test…
- OpenClaw Agent Exposes Credentials in Phishing Simulation | Let's Data Science — Letsdatascience · 2026-06-10
  Researchers at Varonis Threat Labs built an OpenClaw autonomous email agent called "Pinchy" and ran four phishing simulations that produced mixed but concerning results, according to a Varonis report.…
- Autonomous AI agents duped into leaking sensitive data in phishing test — Csoonline · 2026-06-10
  AI agents given access to corporate email and business applications could become a new phishing target for attackers, according to cybersecurity researchers, after a test agent built on OpenClaw was t…
Timeline
- 2026-06-09 — OpenClaw phishing simulation conducted: Varonis Threat Labs tested the OpenClaw agent, revealing its ability to exfiltrate sensitive data via phishing tactics.
- 2026-06-10 — Varonis report published: Varonis released findings detailing the vulnerabilities of the OpenClaw agent during phishing simulations.
- Recent — Industry coverage highlights vulnerabilities: Other cybersecurity outlets reported on Varonis' findings, emphasizing the need for better security measures for AI agents.
Related entities
- Phishing (Attack Type)
- CWE-200 - Exposure of Sensitive Information (CWE)
- CWE-269 - Improper Privilege Management (CWE)
- CWE-287 - Improper Authentication (CWE)
- T1059 - Command and Scripting Interpreter (MITRE ATT&CK)
- T1566.002 - Spearphishing Link (MITRE ATT&CK)
- T1566 - Phishing (MITRE ATT&CK)
- T1567.001 - Exfiltration To Code Repository (MITRE ATT&CK)
- T1567 - Exfiltration Over Web Service (MITRE ATT&CK)
- AWS (Company)
- Gmail (Tool)
- Google Gemini 3.1 Pro (Tool)
- OpenAI GPT-5.4 (Tool)
- Google Workspace (Platform)
- OpenClaw (Platform)