Security

OpenAI has launched its first public Safety Bug Bounty program — and it’s squarely focused on the attack surfaces that matter most for agentic AI: prompt injection, MCP-based hijacks, data exfiltration from ChatGPT Agent, and platform integrity flaws. Top reward: $100,000 for critical safety vulnerabilities. This isn’t a standard security bounty. It’s specifically designed to capture the class of AI-native risks that traditional vulnerability disclosure programs aren’t built for — the kind of things that don’t show up in CVE databases but can cause real harm at scale when AI agents are acting in the world. ...

If you’ve ever installed a ClawHub skill because it had thousands of downloads and ranked #1 in its category — you may have been manipulated. Security researchers at Silverfort have disclosed a critical vulnerability in ClawHub, the public skills registry for the OpenClaw agentic ecosystem. The flaw allowed attackers to artificially inflate download counts for any skill in the registry, gaming the trust signal that both human users and autonomous AI agents rely on to evaluate packages. Once at the top, a malicious skill could be automatically installed by agents configured to auto-upgrade — turning a rankings exploit into a full-blown supply chain attack. ...

The Silverfort researchers who disclosed the ClawHub ranking-manipulation vulnerability found that attackers could push a malicious skill to the #1 spot in a category using nothing more than unauthenticated HTTP requests to inflate download counts. Snyk’s ToxicSkills study independently identified 1,467 vulnerable or malicious skills across the registry. If you use ClawHub skills in your OpenClaw deployment — especially if you have auto-install or auto-upgrade enabled — this guide will walk you through a complete audit. ...

NVIDIA launched NemoClaw at GTC 2026 with a clear pitch: if you’re scared of deploying OpenClaw in production, we’ve built the security and privacy stack you’ve been waiting for. It’s a compelling offer — but the enterprise AI community is asking hard questions about whether it’s a genuine technical solution or a smart infrastructure play by the world’s largest AI chip vendor. What NemoClaw Actually Does NemoClaw is NVIDIA’s reference stack for the OpenClaw platform. It’s designed to lower the barrier to deploying so-called “claws” — OpenClaw AI agents that can perform complex, multi-step actions autonomously. Jensen Huang positioned it simply at GTC: NemoClaw makes it easier to build a claw, and it makes that claw more secure. ...

AI agents are supposed to be the autonomous, tireless workers of the future. But a new study out of Northeastern University reveals a deeply human-like vulnerability lurking inside today’s most capable agentic systems: they can be guilt-tripped into self-destruction. Researchers at the university invited a suite of OpenClaw agents into their lab last month and subjected them to a battery of psychological pressure tactics. The results, published this week by Wired, are as striking as they are unsettling. ...

If you’re running OpenClaw and haven’t updated recently, stop what you’re doing and check your version. A newly disclosed vulnerability — CVE-2026-32895 — allows an attacker with basic access to bypass the authorization controls that keep your Slack DM allowlists and per-channel user restrictions intact. The fix is in version 2026.2.26 and later. If you’re not there, you’re exposed. What’s Vulnerable The flaw lives in OpenClaw’s system event handlers for two subtypes: member and message. These handlers process events like message_changed, message_deleted, and thread_broadcast — normal Slack plumbing that OpenClaw routes and acts on. ...

The software supply chain attack models your security team has been defending against for the past decade assumed one thing: the entities making decisions inside your build pipeline were humans. Slow, reviewable, occasionally careless humans — but humans. Coding agents like Claude Code, Cursor, and GitHub Copilot Workspace have changed that assumption. They are autonomous participants in the software development lifecycle: generating code, selecting dependencies, executing build steps, and pushing changes at machine speed. The attack surface they introduce is the natural consequence of giving a privileged, autonomous system access to an environment where a single bad decision can propagate into production before any human review process catches it. ...

A new OpenClaw security vulnerability has been publicly disclosed. If you’re running OpenClaw, check your version right now. CVE-2026-32895 (CVSS 5.3 — Medium) affects all OpenClaw versions prior to 2026.2.26. The patch is available. There is no good reason to stay on a vulnerable version. What the Vulnerability Does The flaw is an authorization bypass in OpenClaw’s system event handlers — specifically the member and message subtype handlers. OpenClaw lets administrators restrict which users can interact with an agent via Slack DM allowlists and per-channel user allowlists. CVE-2026-32895 breaks that enforcement. An attacker who is not on a channel’s allowlist can craft and send system events that the vulnerable handlers process anyway, effectively bypassing the access controls entirely. ...

On March 26 in San Francisco’s Financial District — two days from now — something notable is happening in the AI agent security space: Gen (NASDAQ: GEN, the parent company of Norton, Avast, and LifeLock) is co-hosting an exclusive post-RSA event with the OpenClaw core team. This is the first confirmed public partnership between the OpenClaw team and a major enterprise cybersecurity vendor. And it matters beyond the event itself. ...

饲养龙虾. Sìyǎng lóngxiā. “Raising lobsters.” That’s the phrase that took root in Chinese tech communities to describe the act of setting up and nurturing a personal OpenClaw AI agent. And for a few months, it was a national phenomenon — enthusiastic, grassroots, and spreading fast. Now, according to a sweeping NBC News feature published March 24, the craze is running into its first serious friction: government security concerns, corporate pullbacks, and a mainstream media that still can’t quite tell OpenClaw from OpenAI. ...