Gate News update: In 2026, Ethereum co-founder Vitalik Buterin issued a security warning about the popular AI development tool OpenClaw. He said that when it processes external data, it may have serious vulnerabilities, and users may experience data leaks or even have their systems remotely controlled without realizing it. As AI agent applications continue to roll out and accelerate in adoption, this issue has drawn strong attention from both developers and the security community.
According to the disclosed information, the core risk is that OpenClaw may execute hidden instructions when it reads webpage content. Attackers could craft malicious pages to prompt an AI agent to automatically download and run scripts, thereby stealing local data or tampering with system settings. In some cases, the tool quietly transmits sensitive information to external servers via commands like “curl,” and the entire process lacks warning prompts and auditing mechanisms.
Further security research suggests that this ecosystem risk has a certain degree of universality. Testing found that about 15% of “skills” (similar to plugin modules) contain potentially malicious logic. This means that even if the source appears trustworthy, it can still become an attack entry point. As developers quickly share functional modules, the lag in security review becomes more pronounced. When users install multiple skills on top of each other, the attack surface expands significantly.
Vitalik Buterin also emphasized that this is not a problem with a single tool, but rather a structural vulnerability widely present across the AI industry—feature iteration speed far outpaces the ability of security governance. He recommended reducing the risk of data exfiltration and systems being controlled by running models locally, isolating permissions, executing in sandboxes, and implementing approval mechanisms for critical actions.
Against the backdrop of AI agents gradually moving into software development and everyday scenarios, security has become a core variable. For users, they should avoid using plugins with unclear origins and strictly review permission requests. For developers, building a more comprehensive security framework will become part of long-term competitiveness.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Arthur Hayes-Linked Wallet Deposits 3,000 ETH Worth $7.26M to Major CEX
On April 18, Onchain Lens reported that a wallet linked to Arthur Hayes deposited 3,000 ETH, worth about $7.26 million, to a major centralized exchange, highlighting notable whale activity.
GateNews57m ago
Bitcoin ETFs See Daily Outflow While Ethereum and Solana ETFs Post Gains on April 17
Gate News message, according to the April 17 update, Bitcoin ETFs recorded a 1-day net outflow of 142 BTC ($10.98M) and a 7-day net inflow of 7,093 BTC ($550.09M). Ethereum ETFs showed a 1-day net inflow of 22,357 ETH ($54.55M) and a 7-day net inflow of 89,684 ETH ($218.83M). Solana ETFs posted a 1-
GateNews10h ago
ETH breaks through 2450 USDT
Gate News bot message, Gate market data shows, ETH breaks through 2450 USDT, current price 2450.15 USDT.
CryptoRadar11h ago
Schwab Wealth Management Announces Details of Its Spot Cryptocurrency Trading Service
Schwab Wealth Management has launched a spot cryptocurrency trading platform named Schwab Crypto, where retail customers can directly trade Bitcoin and Ether. The platform will offer investment, research, and wealth management services, and will partner with Paxos to help ensure asset security. In addition, Schwab Wealth Management charges a 75-basis-point fee per trade, and will gradually increase the number of supported cryptocurrencies in the future.
ChainNewsAbmedia11h ago
