4 Comments
Bill M

This is great, but as a neophyte AI Agent builder I still don't understand all the security concerns. I presume you are giving Claude access to a lot of confidential data through this agent, how do you ensure it remains confidential?

James Wang

My main concern is OpenClaw, which a surprising number of people jumped into without understanding. The way it’s set up just opens up a lot of holes and there’s a lot of actively malicious exploits on it right now.

In terms of non-OpenClaw agents… we mainly have had few organized attempts in the wild to attack agents. There just aren’t that many people using these right now. That’s what is partly protecting us right now. But that likely won’t last forever and “security through obscurity” isn’t a great model. I’ve seen demos where it’s pretty easy to do exfiltration attacks with unfettered internet access.

So, to clarify, it isn’t worries about “oh no, my data is going somewhere” (bird has already flown the coop with that one with all major tech companies). The worry is that an agent without enough controls can be easily hijacked by an attacker.

Brent Naseath

A useful article. To me, that is the height of success. To produce something actually useful. Thank you.

BTW, did you see the recent news on an OpenClaw bot harassing a reviewer on GitHub?

https://spectrum.ieee.org/agentic-ai-agents-blackmail-developer

James Wang

For some reason, my comment disappeared. But thanks! And also, yes, I did see it. I found it extremely cringeworthy that someone thought it was appropriate to unleash bot spam upon open source projects—as if the issue with big ones (which were the only ones it targeted) were TOO FEW random, low quality pull requests to review…