Originally reported by Hackread
TL;DR
Security researchers at Oasis Security have identified a critical vulnerability dubbed ClawJacked in OpenClaw that enables attackers to hijack AI agents through malicious websites. The attack requires only a simple browser tab to compromise AI assistants.
The vulnerability allows remote hijacking of AI agents through simple browser interactions, posing significant risk to AI-powered applications and services. While exploitation requires user interaction, the attack vector is highly accessible.
Security researchers at Oasis Security have disclosed a critical vulnerability in OpenClaw that enables attackers to hijack AI agents through browser-based attacks. The vulnerability, designated ClawJacked, allows malicious websites to compromise AI assistants when users visit specially crafted web pages.
The ClawJacked vulnerability exploits weaknesses in OpenClaw's browser integration mechanisms. According to Oasis Security's findings, attackers can leverage malicious browser tabs to gain unauthorized control over AI agents, potentially allowing them to:
The attack requires minimal user interaction, making it particularly dangerous for organizations deploying AI agents that interact with web content or operate in browser environments.
The vulnerability poses significant risks to organizations utilizing OpenClaw-based AI agents, particularly those integrated with web browsers or handling sensitive operations. Successful exploitation could lead to:
Organizations using OpenClaw should immediately assess their AI agent deployments and implement the following measures:
The disclosure highlights the evolving attack surface introduced by AI agents and the critical importance of securing AI-browser integrations as these technologies become more prevalent in enterprise environments.
Originally reported by Hackread