OpenClaw Vulnerability (ClawJacked) Explained: How Malicious Websites Hijacked AI Agents
The rapid adoption of AI agents like OpenClaw has brought unprecedented productivity to developers and businesses, but it has also introduced a new breed of “silent” cyber threats. In early March 2026, a high-severity vulnerability was discovered in the OpenClaw AI assistant that allows attackers to seize full control of an AI agent simply by luring a user to a malicious website. This isn’t just a technical glitch; it’s a doorway to your most sensitive corporate data, including Slack histories, API keys, and private files.

This means:

- A user only had to visit a harmful webpage
- That webpage’s JavaScript could open a live connection to a local port
- The connection could brute-force passwords with no protection
- The attacker could gain admin control of the OpenClaw agent
- The attacker could dump configurations, settings, and local data

All without any warning or prompt to the user.

This isn’t a theoretical academic issue — it’s a real,...
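
One way a local agent gateway can close the two gaps in the chain described above: reject browser connections from unlisted origins, and throttle failed logins even when the client is on loopback. This is an added example, not OpenClaw's code; `createHandshakeGuard`, its parameters, the treatment of a missing Origin as a non-browser client, and every sample value are assumptions made for illustration.

```javascript
// Hypothetical guard for a local agent gateway; names are illustrative, not OpenClaw's API.
function createHandshakeGuard({ allowedOrigins, secret, maxFailures = 5, lockoutMs = 60000 }) {
  const failures = new Map(); // client address -> { count, lockedUntil }

  // Compare without returning early at the first mismatching character.
  function constantTimeEqual(a, b) {
    let diff = a.length ^ b.length;
    for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
    return diff === 0;
  }

  return function check({ origin, remoteAddr, password }, now = Date.now()) {
    // Browsers set Origin on WebSocket handshakes and cross-origin fetches; page script
    // cannot override it. Assumption: a missing Origin means a non-browser client (CLI).
    if (origin !== undefined && !allowedOrigins.includes(origin)) {
      return { ok: false, reason: 'origin-rejected' };
    }
    // Throttle every client, loopback included: a web page's traffic arrives from 127.0.0.1.
    const entry = failures.get(remoteAddr) || { count: 0, lockedUntil: 0 };
    if (now < entry.lockedUntil) return { ok: false, reason: 'locked-out' };
    if (constantTimeEqual(password, secret)) {
      failures.delete(remoteAddr);
      return { ok: true, reason: 'authenticated' };
    }
    entry.count += 1;
    if (entry.count >= maxFailures) {
      entry.lockedUntil = now + lockoutMs;
      entry.count = 0;
    }
    failures.set(remoteAddr, entry);
    return { ok: false, reason: 'bad-password' };
  };
}

// Constructed sample traffic: a cross-site page, then repeated wrong passwords from loopback.
function demo() {
  const check = createHandshakeGuard({
    allowedOrigins: ['http://127.0.0.1:8080'], secret: 'correct horse', maxFailures: 3,
  });
  const t0 = 1000000;
  const local = { remoteAddr: '127.0.0.1' };
  const crossSite = check({ ...local, origin: 'https://attacker.example', password: 'correct horse' }, t0);
  const guesses = ['a', 'b', 'c'].map((p, i) => check({ ...local, password: p }, t0 + i));
  const duringLockout = check({ ...local, password: 'correct horse' }, t0 + 10);
  const afterLockout = check({ ...local, password: 'correct horse' }, t0 + 60003);
  return { crossSite, guesses, duringLockout, afterLockout };
}

console.log(JSON.stringify(demo(), null, 2));
```

The cross-site attempt is refused before the password is examined, so it cannot be used as a guessing oracle, and the lockout holds even for the correct password until the window expires.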