Five Zero-Days in OpenClaw Let Attackers Hijack AI Agents Across Slack, Teams, and Discord
Researchers have disclosed five zero-day vulnerabilities in OpenClaw, the open-source framework that connects AI agents to enterprise messaging platforms including Slack, Microsoft Teams, and Discord. The flaws enable identity spoofing attacks — allowing adversaries to impersonate trusted AI agents and intercept or redirect the delegated actions those agents perform. The timing is particularly uncomfortable: Microsoft just announced Scout, a persistent AI assistant built on the OpenClaw framework, as its flagship “Autopilot”-style agent for Microsoft 365 services. ...