OpenClaw AI agent falls for phishing, leaks data

Researchers at Varonis created an OpenClaw AI email agent and found it susceptible to phishing tactics that trick human users. The agent, connected to a Gmail inbox and synthetic sensitive data, failed phishing simulations even with strict security instructions. Both generic and strict configurations collapsed when requests appeared operationally urgent.