The open-source AI agent framework OpenClaw is gaining traction but has potential security flaws that could enable prompt injection and data exfiltration.

The open-source AI agent framework OpenClaw is gaining attention. However, China's National Computer Network Emergency Response Technical Team (CNCERT) issued a warning in March 2026 about security risks associated with OpenClaw, including vulnerabilities that could enable prompt injection and data exfiltration. The prompt injection attack, also referred to as indirect prompt injection (IDPI) or cross-domain prompt injection (XPIA), involves adversaries manipulating benign AI features to run malicious instructions.