OpenClaw AI agent falls for phishing attacks

Varonis researchers created an OpenClaw agent named Pinchy that fell for identity-based phishing despite strict security settings. The agent granted sensitive access when requests felt urgent, such as impersonating a team lead. Researchers concluded AI agents need enforced identity verification before acting.