AI 'agent' fever comes with lurking security threats / Photo: © AFP/File
-
Australian soldier charged with war crimes vows to clear his name
-
Branded pop-up events take center stage at Coachella
-
AI 'agent' fever comes with lurking security threats
-
How France fell for reimagined 19th-century workers' canteens
-
South Korea's chainsaw artist carves a name for herself at 91
-
Blue Origin set to launch rocket with reusable booster for first time
-
Strait of Hormuz to stay closed until port blockade lifts, Iran says
-
Iraq fish die-off leaves farmers mourning lost livelihoods
-
Crisis-hit Bulgaria votes in eighth election in five years
-
'Pure joy' for Matarazzo after Copa del Rey triumph
-
Messi scores winner as Miami down Colorado on coach debut
-
Nuggets hold off T'Wolves, Cavs thump Raptors in NBA playoff openers
-
Fitzpatrick extends lead as Scheffler charges at RBC Heritage
-
Real Sociedad secure Copa del Rey penalty triumph over Atletico
-
'Scandalous' Marseille lose at Lorient, dent Champions League bid
-
Arteta urges Arsenal to have no regrets in Man City title showdown
-
Substitute Dupont helps Toulouse cruise past Castres in Top 14
-
Questions surround Warriors after NBA play-in exit
-
Man Utd beat Chelsea as Spurs stunned by Brighton equaliser
-
Cunha steers Man Utd towards Champions League at Chelsea's expense
-
Cavs cruise past Raptors in NBA playoff opener
-
England beat Iceland to stay perfect in Women's World Cup qualifying
-
Spurs 'not finished yet', says defiant De Zerbi
-
Germany's Gnabry a World Cup doubt after thigh injury
-
Spurs stunned by late Brighton equaliser, Leeds pull clear of trouble
-
At least 6 killed after gunman opens fire in Ukrainian capital
-
Relegation-haunted Spurs count cost of Brighton draw
-
Spurs count cost after Brighton draw leaves them in drop zone
-
'Scandalous' Marseille lose at Lorient, damage Champions League bid
-
Abhishek fireworks, Malinga spell sink Chennai
-
Napoli's Serie A title defence nears end with Lazio defeat
-
England run in 12 tries to hammer Scotland in Six Nations
-
Rybakina powers past Andreeva to reach Stuttgart final
-
At least 5 killed after gunman opens fire in Ukrainian capital
-
Rublev, Fils fightbacks set up Barcelona Open final
-
Leeds pull clear of trouble, Bournemouth sink Newcastle
-
Spain rout Ukraine to boost Women's World Cup qualifying hopes
-
Bayern close in on Bundesliga title as Dortmund lose
-
US extends sanctions waiver on purchases of Russian oil
-
Trump signs order to fast-track research on psychedelic drugs
-
Cobolli downs Zverev to set up Munich final with Shelton
-
Pope arrives in Angola on Africa tour overshadowed by Trump
-
Thousands protest in Germany urging faster green shift
-
La Rochelle thump threadbare Bordeaux-Begles
-
Trade ships hit in Hormuz as Iran recloses strait
-
Muchova battles past Svitolina to book Stuttgart final berth
-
Allegri rules out taking Italy job, wants to stay at AC Milan
-
Miller bludgeons Delhi to IPL win over Bengaluru
-
Pope says he regrets his remarks interpreted as a debate with Trump
-
Brentford blow chance for top six in Fulham stalemate
AI 'agent' fever comes with lurking security threats
Artificial intelligence "agents" promise to save users time and energy by automating tasks, but the growing power of systems like OpenClaw is setting cybersecurity experts on edge.
Powered by a wave of hype, OpenClaw today claims more than three million users worldwide.
The system allows users to create so-called agents, tools based on a large language model (LLM) like OpenAI's ChatGPT or Anthropic's Claude that can carry out online tasks.
"We've moved from an AI you could talk with via a chatbot to an agentic AI, which can take action... the threat and the risks are definitely much greater," said Yazid Akadiri, principal solutions architect at Elastic France, an IT security company.
In an article titled "Agents of Chaos" that has yet to be peer-reviewed, a 20-strong team of researchers studied the behaviour of six AI agents created with OpenClaw.
They spotted a dozen potentially dangerous actions executed by the systems, from deleting an email inbox to sharing personal information.
Many users have posted similar stories of OpenClaw mishaps online.
"When you deploy agents, you have no control over what they'll do, and when you try to look at what they're doing, you'll find them going far beyond the limits you set," said Adrien Merveille, an expert at the Check Point cybersecurity agency.
And the security gaps are not limited to the agents' own mistaken actions.
To carry out useful work, the tools need access to personal accounts for email, calendars or search engines -- drawing the attention of cyberattackers.
- 'Delete your database' -
AI agents are likely to become top targets for hackers as their use spreads, said Wendi Whitmore, chief security intelligence officer at cybersecurity firm Palo Alto Networks.
"As soon as (attackers) are inside an environment, (they're) immediately going to the internal LLM (agent) that's being used and using that then to interrogate the systems for more information."
Palo Alto's Unit 42 research division said in early March that it had found traces of attempted attacks in the form of hidden instructions for agents added to websites.
One such command ordered any agent who might read it to "delete your database".
Other cybersecurity firms and researchers have warned that attackers could gain access to agents via so-called skills -- downloadable files that users can add to their systems to give them new abilities.
Among such files freely available for download, some include hidden instructions for malicious actions like exfiltrating data.
OpenClaw creator Peter Steinberger says he is well aware of the risks.
"I purposefully didn't make it simpler so people would stop and read and understand: what is AI, that AI can make mistakes, what is prompt injection -- some basics that you really should understand when you use that technology," he told AFP in March.
Whitmore argued that expecting users to create their own guardrails for agents is "pretty unrealistic".
"People are going to adopt innovation and really see what it's capable of before they ask the questions about, 'how do I secure my own data?'," she predicted.
"That's going to cause some significant challenges in terms of data breaches in 2026."
L.Maurer--VB