The National Computer Network Emergency Response Technical Team/Coordination Center of China on Tuesday issued a risk alert regarding the secure use of the AI agent software OpenClaw. The program has recently gained popularity for enabling users to control computers through natural language commands. However, the center warned that its default security configurations are relatively weak. When granted excessive system privileges, the software may pose significant security risks.
Attackers could exploit vulnerabilities to gain control of the system, potentially leading to credential leakage, accidental deletion of data, or malicious plugin poisoning. Several medium- to high-severity vulnerabilities have already been disclosed, posing threats to both personal privacy and enterprises’ core data security.
The agency advised users to strengthen network isolation, improve credential management, strictly review the sources of plugins, and apply security patches in a timely manner to mitigate potential threats. [CNCERT, in Chinese]
0 Commentaires