The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) has issued a warning about serious cybersecurity risks associated with experimental autonomous artificial intelligence agents such as OpenClaw, citing vulnerabilities that could lead to data breaches, account takeovers, and unauthorized system access.
OpenClaw is an open-source AI assistant designed to perform tasks autonomously on a user’s computer. To function, the system requires broad access to emails, files, and online services, allowing it to execute actions independently without ongoing human approval. According to the AP, this level of autonomy introduces significant security risks, effectively turning such systems into potential “Trojan horses” that attackers can exploit.
Security researchers have identified multiple vulnerabilities within OpenClaw’s ecosystem, including malicious plugins capable of stealing login credentials and cryptocurrency assets. The AP noted that approximately one in five available plugins may contain malware. The platform is also susceptible to indirect prompt injection attacks, where hidden commands embedded in emails, websites, or chat messages can manipulate the AI agent into exposing sensitive information or granting unauthorized access to connected accounts such as Google or Apple services.
More severe vulnerabilities could allow attackers to remotely execute malicious code, potentially gaining full control over a user’s computer, intercepting personal data, and installing additional malware. Misconfiguration or improper installation of OpenClaw can also expose personal information publicly, increasing the risk of data leaks.
The AP is urging individuals and organizations to avoid using OpenClaw and similar systems on devices containing sensitive or confidential information, including financial records, customer data, and personal documents. Parents are also encouraged to monitor whether children are using such tools on home devices.
The regulator emphasized that both users and developers remain responsible for complying with the General Data Protection Regulation (GDPR), regardless of whether the AI system is open source. The AP is also calling for clarification under the EU AI Act to ensure autonomous AI agents fall under existing safety and compliance requirements, warning that without proper safeguards, these emerging tools could pose widespread cybersecurity and privacy risks.
Need Help?
If you have questions or concerns about any global guidelines, regulations and laws, don’t hesitate to reach out to BABL AI. Their Audit Experts can offer valuable insight, and ensure you’re informed and compliant.
