The ClawJacked vulnerability found by Oasis researchers comes from the inherent trust OpenClaw puts into locally originated connections.

Security Boulevard is a leading cybersecurity news and information portal, offering articles, analysis, and insights on cybersecurity threats, vulnerabilities, and best practices. From the latest trends in cyber threats to expert commentary on security technologies and compliance frameworks, Security Boulevard provides resources for security professionals, IT leaders, and business executives seeking to protect their organizations from cyber attacks and data breaches.

Security Boulevard

Oasis Security researchers discovered a vulnerability called 'ClawJacked' in the OpenClaw AI personal assistant that allows any malicious website to silently take full control of a developer's local AI agent. The attack exploits WebSocket connections to localhost, which browsers don't block, combined with OpenClaw's gateway trusting all locally originating connections. A malicious script can brute-force the gateway password (rate limiting is bypassed for localhost), register as a trusted device without user prompts, and gain full access to the agent, its configuration, connected devices, and logs. A fix is available in version 2026.2.25. Security experts warn this highlights a broader problem of AI agent adoption outpacing security governance, urging organizations to inventory AI agents, audit their credentials and capabilities, and apply the same governance rigor as human users.

Latest OpenClaw Flaw Can Let Malicious Websites Hijack Local AI Agents