March 16, 2026

Pakistan Digital Post

Researchers Warn OpenClaw AI Agents Could Leak Sensitive User Data

Cybersecurity researchers have raised alarm over potential data security risks linked to OpenClaw, a popular open-source autonomous AI agent recently acquired by Meta Platforms.

According to an advisory issued by the National Computer Network Emergency Response Technical Team of China, the system's weak default security settings, combined with the deep system-level access it is granted, could expose users to significant cyber threats. Researchers say attackers have already demonstrated exploits capable of stealing user data without requiring any user interaction or clicks.

One of the most serious concerns highlighted in the advisory is prompt injection, a manipulation technique in which hidden instructions embedded in websites or documents trick AI agents into leaking sensitive information. The variant known as indirect prompt injection exploits routine tasks such as web-page summarisation or document analysis: the malicious instructions arrive inside the content the agent has been asked to process, not from the user, and the agent follows them as if they were legitimate.

Security experts warn that such attacks could be used to manipulate automated systems in various ways, including bypassing advertising review tools, influencing algorithmic decisions, or extracting confidential information.

Meanwhile, AI developer OpenAI also acknowledged that prompt injection attacks are evolving rapidly as AI agents become more capable of browsing the internet and performing tasks on behalf of users.

Researchers recently demonstrated a particularly concerning exploit involving messaging platforms such as Telegram and Discord. In this method, attackers trick the AI agent into generating a specially crafted URL with sensitive data embedded in it; when the agent posts the URL, the platform's link-preview feature fetches it automatically, transmitting that data to an attacker-controlled server without the user ever clicking the link.
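The link-preview leak described above can be caught at the point where the agent's text leaves for the chat platform. The following is an added example, not code from OpenClaw, the advisory or the researchers: an outbound-message filter that allowlists link hosts and strips URLs whose path or query carry credential-shaped or high-entropy values, so a preview fetcher never requests them. The hostnames, secret patterns and thresholds are assumptions chosen for illustration.

```python
import math
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Hosts the agent may link to in chat messages (constructed allowlist; adjust per deployment).
ALLOWED_HOSTS = {"docs.example.com", "github.com"}
# Credential-shaped values that must never leave inside a URL (constructed example patterns).
SECRET_PATTERNS = [re.compile(r"sk-[A-Za-z0-9]{16,}"), re.compile(r"AKIA[0-9A-Z]{16}")]
URL_RE = re.compile(r'https?://[^\s<>"\')\]]+')
MAX_URL_LEN = 512          # long URLs are a common carrier for encoded data
ENTROPY_MIN_LEN = 24       # only score query values at least this long
ENTROPY_THRESHOLD = 4.0    # bits per character; base64/hex blobs score well above this


def shannon_entropy(s: str) -> float:
    """Bits per character of the string; encoded secrets look random and score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def classify_url(url: str) -> tuple[str, str]:
    """Return ('allow', '') or ('block', reason) for a single URL found in agent output."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if host not in ALLOWED_HOSTS:
        return "block", f"host {host!r} is not allowlisted"
    if len(url) > MAX_URL_LEN:
        return "block", "URL exceeds length limit"
    for pat in SECRET_PATTERNS:
        if pat.search(parts.path + "?" + parts.query):
            return "block", f"credential pattern {pat.pattern!r} in URL"
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if len(value) >= ENTROPY_MIN_LEN and shannon_entropy(value) > ENTROPY_THRESHOLD:
            return "block", f"high-entropy value in query parameter {key!r}"
    return "allow", ""


def sanitize_outbound(text: str) -> tuple[str, list[tuple[str, str]]]:
    """Replace blocked URLs before the message is sent; return the new text and findings."""
    findings: list[tuple[str, str]] = []

    def repl(m: re.Match) -> str:
        verdict, reason = classify_url(m.group(0))
        if verdict == "block":
            findings.append((m.group(0), reason))
            return "[link removed by egress filter]"
        return m.group(0)

    return URL_RE.sub(repl, text), findings
```

Pair the filter with the platform's option to disable link previews where available, since a stripped link cannot be previewed but an unfiltered one will be fetched before anyone reads the message.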

Beyond prompt injection, the advisory also flagged several additional risks, including accidental deletion of critical data due to misinterpreted instructions, malicious third-party extensions capable of executing harmful commands, and exploitation of newly discovered vulnerabilities within the platform.

Authorities warned that sectors such as finance, energy and critical infrastructure could face serious consequences if the system is compromised, including exposure of confidential business data, trade secrets and operational systems.

Following the warning, Chinese authorities have reportedly restricted the use of OpenClaw across state-run enterprises and government institutions, citing national security concerns.

Security analysts advise organisations using OpenClaw to implement strict safeguards, including restricting network access to its management ports, running the system in isolated environments, installing extensions only from trusted sources, and updating the software regularly to patch vulnerabilities.

The warning comes as autonomous AI agents gain popularity worldwide, raising fresh concerns about the balance between automation, innovation and cybersecurity in rapidly evolving AI ecosystems.