AP warns of major security risks with AI agents like OpenClaw

The Autoriteit Persoonsgegevens (AP), the Dutch data protection authority, warns users and organisations against the use of OpenClaw and similar experimental systems. The reason for this warning is the rapid pace at which OpenClaw has gained popularity. This type of open-source systems typically do not meet basic security requirements. The use of such systems poses major risks of data breaches and account takeovers.

OpenClaw provides users with an AI assistant which can execute tasks autonomously. To enable this, users give full access to their computer and programs, including email, files and online services. As a result, the AI assistant can perform specific tasks without explicit prior consent of the user. According to the AP, the cybersecurity community regards this type of autonomous AI agent as a 'Trojan Horse', as it is an attractive target for abuse.

Security experts worldwide signal, amongst others, that a significant proportion of the available plugins contain malware aimed at stealing login credentials or crypto credits. In addition, the platform is vulnerable to hidden commands in websites, emails and instant messages. This can lead to account takeovers, scraping personal data, and access codes. Critical vulnerabilities have also been found that allow attackers to remotely take over systems.

Call to users and organisations

The AP calls on users and organisations not to use OpenClaw and similar AI agents on systems with privacy-sensitive or confidential data. Examples of such data are access codes, financial administrations, employee data, private documents or identity documents. The AP also calls for parents to check whether their kids have installed such a system on their devices at home. Furthermore, the regulator advises being cautious with external plug-ins, applying strict access controls and renewing login details and API keys in case of risk of exposure.

Organisations and individual users remain responsible for compliance with the General Data Protection Regulation (GDPR

The General Data Protection Regulation (GDPR), together with the Law Enforcement Directive (LED), is the main privacy legislation, applying throughout the EEA.

European legislation

At the European level, the AP calls for clarification that autonomous AI agents like OpenClaw are in scope of the AI Act. The AI Act sets product requirements for the safety of these types of systems so that unsafe applications can be excluded from the market.

Security risks of OpenClaw

OpenClaw runs locally on the user's computer. This does not automatically mean that the system is secure. Without proper security and risk management, its use can lead to serious security incidents, data breaches and unauthorised access to personal data.

Based on recent findings by security researchers, the AP points to the following risks, among others:

• Users can provide OpenClaw with additional features by installing so-called plug-ins. About one-fifth of those plugins appear to contain malware, which, for example, can steal login credentials or crypto credits from the user.
• OpenClaw's platform is vulnerable to hidden commands (indirect prompt injection), which can be hidden in seemingly normal websites, emails or instant messages. The AI system could then, for example:
  • Acquire accounts from linked services (such as Google, Facebook, and Apple ID). The hacker basically gets a master key from the user to a lot of (personal) data and access to other linked services.
  • Read emails, view calendars and use local files, such as personal documents.
  • Steal API keys from AI models, which can take over the use of the AI service.
• Critical security vulnerabilities. An attacker (hacker) can execute malicious commands or code remotely, without physical access to the computer in question. For example, the attacker can take full control via OpenClaw (or a similar AI system), steal data or install malware.
• Data breaches. Also, OpenClaw allows a user to install or set up incorrect configurations, allowing personal data to be publicly visible.