Critical OpenClaw Vulnerability Exposes AI Agent Risks - Dark Reading
A high-severity vulnerability in the OpenClaw AI agent allowed malicious websites to hijack a developer's AI agent and gain full device control without user interaction. This exploit stemmed from OpenClaw's implicit trust of localhost connections, enabling attackers to brute-force the local gateway password via WebSocket and register malicious scripts.
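The weakness described above is a local gateway that treats loopback peers as trusted. As an added example (not OpenClaw's code and not its actual fix), the following handshake policy checks the browser-supplied `Origin` header and throttles password failures for every peer, 127.0.0.1 included; the function names, limits and allowed origin are assumptions.

```javascript
// Hypothetical gateway handshake policy; all names and values are illustrative.
const MAX_FAILURES = 5;      // failed password attempts allowed per window
const WINDOW_MS = 60000;     // length of the throttle window
// Constructed value: the only web origin allowed to open the gateway socket.
const ALLOWED_ORIGINS = new Set(["http://127.0.0.1:8080"]);

// Compare without returning early on the first differing character.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i); // out-of-range NaN becomes 0
  }
  return diff === 0;
}

function createGate(secret, now = () => Date.now()) {
  const failures = new Map(); // remoteAddress -> { count, start }

  return function check({ remoteAddress, origin, password }) {
    // 1. A page in a browser always sends Origin on a WebSocket handshake.
    //    A foreign origin is rejected even though the TCP peer is loopback.
    //    Clients without Origin (e.g. a CLI) fall through to the checks below.
    if (origin !== undefined && !ALLOWED_ORIGINS.has(origin)) {
      return { ok: false, reason: "origin" };
    }

    // 2. Throttle every peer; there is no exemption for 127.0.0.1 or ::1.
    const t = now();
    let rec = failures.get(remoteAddress);
    if (rec && t - rec.start >= WINDOW_MS) {
      failures.delete(remoteAddress);
      rec = undefined;
    }
    if (rec && rec.count >= MAX_FAILURES) {
      return { ok: false, reason: "throttled" };
    }

    // 3. Only now look at the password, and record each failure.
    if (!constantTimeEqual(String(password), secret)) {
      if (!rec) {
        rec = { count: 0, start: t };
        failures.set(remoteAddress, rec);
      }
      rec.count += 1;
      return { ok: false, reason: "password" };
    }
    failures.delete(remoteAddress);
    return { ok: true, reason: "accepted" };
  };
}
```

Because the throttle check runs before the password comparison, a locked-out peer is refused even when a guess happens to be correct.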