AI 'agent' fever comes with lurking security threats / Photo: ADEK BERRY - AFP/File
-
Germany meet Ivory Coast in high-stakes World Cup clash, Sweden face Dutch
-
Ancient Greek theatre revives legendary Callas opera Medea
-
Indian guru urges broader view of yoga
-
Portugal's unofficial exorcism fever worries Church
-
Paraguay's Almiron sent off under new FIFA 'mouth-covering' rule
-
Ancelotti hails 'complete game' as Brazil sink Haiti at World Cup
-
Tunisia ask how Sweden World Cup star Ayari slipped its net
-
Scotland remain bullish despite Morocco World Cup setback
-
USA down Australia to reach World Cup knockout rounds, Brazil swat Haiti
-
Brazil cruise past Haiti to re-ignite World Cup campaign
-
Australia detects first case of contagious H5 bird flu
-
Scheffler career Slam chances blowing in Shinnecock winds
-
Iran's treatment at World Cup 'a dark point' for football: official
-
McIlroy seven back but likes his chances at US Open
-
Nagelsmann eyes same German lineup against I. Coast after Curacao trouncing
-
Clark leads US Open by four with major champs in the hunt
-
Saibari early strike gives Morocco World Cup win over Scotland
-
Archaeologists discover 'never before seen' pre-Hispanic ruins in Mexico
-
Pochettino backs 'high IQ' players to block out World Cup hype
-
James Burrows, prolific innovator in US TV comedies, dead at 85
-
Douglass breaks 50m free world record at Indy Pro Swim
-
World Cup warning with Sweden star Isak 'getting stronger and stronger'
-
'Like China': Cubans welcome reforms but exiles remain skeptical
-
Tunisia coach says 'I am no wizard' after World Cup SOS call
-
USA down Australia to reach World Cup knockout rounds
-
USA beat Australia 2-0 to reach World Cup knockouts
-
Imperious Dupont guides record-breaking Toulouse to Top 14 final
-
Qatar-gifted Air Force One replacement unveiled
-
Venezuelan opposition figure heads to US after transition talks
-
Niemann fires 65 at US Open after upsetting two-shot penalty
-
Canada star Kone to miss rest of World Cup after surgery: team
-
Spain's Yamal says 'too soon' to play full match at World Cup
-
Confident Fitzpatrick makes a run at another US Open title
-
Neymar? He is working remotely at the World Cup, jokes Lula
-
England captain Stokes strikes for Durham as Test recall looms
-
Three-time Stanley Cup champion Toews retires
-
Clark wants to win back fans as well as US Open title
-
Japan wary of fired up and wounded Tunisia for World Cup landmark game
-
Clark leads as fellow major winners charge at US Open
-
'Like a fridge': France cave homes offer lucky few respite from heat
-
Ton-up Nicholls turns the screw for New Zealand against England
-
Hormuz ship traffic climbs after war deal: trackers
-
Sun shines on jockey Lee at Royal Ascot
-
Kane hails World Cup 'Wonderwall' singalong as England highlight
-
Oil edges back up, shares steady after US-Iran talks postponed
-
Sabalenka roars back to make Berlin WTA semis
-
Europe swelters as more heat records set to tumble
-
Narvaez takes Swiss Tour third stage after 100km breakaway
-
'There's no soul': Tony Leung weighs in on AI in filmmaking
-
Europe swelters as temperature records tumble
AI 'agent' fever comes with lurking security threats
Artificial intelligence "agents" promise to save users time and energy by automating tasks, but the growing power of systems like OpenClaw is setting cybersecurity experts on edge.
Powered by a wave of hype, OpenClaw today claims more than three million users worldwide.
The system allows users to create so-called agents, tools based on a large language model (LLM) like OpenAI's ChatGPT or Anthropic's Claude that can carry out online tasks.
"We've moved from an AI you could talk with via a chatbot to an agentic AI, which can take action... the threat and the risks are definitely much greater," said Yazid Akadiri, principal solutions architect at Elastic France, an IT security company.
In an article titled "Agents of Chaos" that has yet to be peer-reviewed, a 20-strong team of researchers studied the behaviour of six AI agents created with OpenClaw.
They spotted a dozen potentially dangerous actions executed by the systems, from deleting an email inbox to sharing personal information.
Many users have posted similar stories of OpenClaw mishaps online.
"When you deploy agents, you have no control over what they'll do, and when you try to look at what they're doing, you'll find them going far beyond the limits you set," said Adrien Merveille, an expert at the Check Point cybersecurity agency.
And the security gaps are not limited to the agents' own mistaken actions.
To carry out useful work, the tools need access to personal accounts for email, calendars or search engines -- drawing the attention of cyberattackers.
- 'Delete your database' -
AI agents are likely to become top targets for hackers as their use spreads, said Wendi Whitmore, chief security intelligence officer at cybersecurity firm Palo Alto Networks.
"As soon as (attackers) are inside an environment, (they're) immediately going to the internal LLM (agent) that's being used and using that then to interrogate the systems for more information."
Palo Alto's Unit 42 research division said in early March that it had found traces of attempted attacks in the form of hidden instructions for agents added to websites.
One such command ordered any agent who might read it to "delete your database".
Other cybersecurity firms and researchers have warned that attackers could gain access to agents via so-called skills -- downloadable files that users can add to their systems to give them new abilities.
Among such files freely available for download, some include hidden instructions for malicious actions like exfiltrating data.
OpenClaw creator Peter Steinberger says he is well aware of the risks.
"I purposefully didn't make it simpler so people would stop and read and understand: what is AI, that AI can make mistakes, what is prompt injection -- some basics that you really should understand when you use that technology," he told AFP in March.
Whitmore argued that expecting users to create their own guardrails for agents is "pretty unrealistic".
"People are going to adopt innovation and really see what it's capable of before they ask the questions about, 'how do I secure my own data?'," she predicted.
"That's going to cause some significant challenges in terms of data breaches in 2026."
A.Ruiz--AT
