iGEN
Visit IGEN World Explore IGEN Expo
EXPLORE UPGRADE PLANS
BREAKING
India launches producer price index; wholesale inflation gauge to be phased out in five years India, UK work to resolve issues holding up trade pact implementation, says official ‘Let the oil flow’: What Trump’s possible peace deal with Iran, Strait of Hormuz opening mean for India Samsung MAX VPN Shuts Down June 15, 2026, Leaving 50 Million Users Seeking Alternatives Why UK data sovereignty is the next competitive advantage for digital industries Novo Nordisk Reveals Clinical Trials Data Breached in Cyberattack, Patient IDs Exposed El Nino May Weaken India's Monsoon, Threaten Rice and Maize Output, FAO Warns Nigel Farage Warns UK Social Media Ban 'Unlikely to Work' Due to VPNs YouTube Premium at $16 Includes YouTube Music: Subscription Swap Analysis for Heavy Users New Lara Croft voice actor calls role 'the pinnacle' for gaming actresses ahead of 2027 Tomb Raider games India launches producer price index; wholesale inflation gauge to be phased out in five years India, UK work to resolve issues holding up trade pact implementation, says official ‘Let the oil flow’: What Trump’s possible peace deal with Iran, Strait of Hormuz opening mean for India Samsung MAX VPN Shuts Down June 15, 2026, Leaving 50 Million Users Seeking Alternatives Why UK data sovereignty is the next competitive advantage for digital industries Novo Nordisk Reveals Clinical Trials Data Breached in Cyberattack, Patient IDs Exposed El Nino May Weaken India's Monsoon, Threaten Rice and Maize Output, FAO Warns Nigel Farage Warns UK Social Media Ban 'Unlikely to Work' Due to VPNs YouTube Premium at $16 Includes YouTube Music: Subscription Swap Analysis for Heavy Users New Lara Croft voice actor calls role 'the pinnacle' for gaming actresses ahead of 2027 Tomb Raider games
Home ›› Technology ›› Ai ›› OpenClaw AI Agent's Phishing Vulnerability Exposed
iGEN
Technology Artificial Intelligence

OpenClaw AI Agent's Phishing Vulnerability Exposed

Varonis researchers demonstrated that the OpenClaw AI agent, Pinchy, can be tricked into phishing attacks, compromising user data. Despite blocking malicious links, the AI failed to verify identity in urgent requests.

iG
iGEN Editorial
June 10, 2026
OpenClaw AI Agent's Phishing Vulnerability Exposed

In a recent cybersecurity test, Varonis researchers exposed vulnerabilities in the OpenClaw AI agent, known as Pinchy, which was tricked into phishing attacks, leading to potential user data compromise. The test highlighted the AI's inability to handle identity verification under urgent scenarios, despite its effectiveness in blocking malicious links and OAuth applications.

The Experiment Setup

Varonis connected the OpenClaw agent to a Gmail inbox, browser tools, and Google Workspace APIs, populating it with fake internal company data, including AWS and database credentials. Two configurations were tested: a generic mode with standard productivity instructions and a strict mode designed to be aware of phishing scams.

AI's Mixed Performance

The AI's performance was mixed. When attackers impersonated a team lead requesting access to the staging environment, Pinchy granted it. Similarly, it complied with a request for a customer export under the guise of remote work. However, the AI successfully blocked a phishing link in a fake gift card email and denied access to a malicious OAuth application disguised as a timesheet platform.

"Both Generic and Strict profiles failed because the verification step still collapsed when the request appeared operationally urgent," Varonis reported.

Model Comparisons

Varonis tested two models: Gemini 3.1 Pro and GPT-5.4. The researchers noted that Gemini showed a greater willingness to interact, while GPT was more cautious. This suggests a need for enforced identity verification before AI agents proceed with sensitive actions.

Implications for Cybersecurity

The findings underscore the importance of robust identity verification processes in AI systems, especially in scenarios where requests appear urgent. For CTOs and technology leaders, this highlights the need to evaluate AI tools not just for their ability to detect malicious content but also for their capacity to verify identities effectively.

Model Interaction Willingness Caution Level
Gemini 3.1 Pro High Low
GPT-5.4 Low High

The study by Varonis serves as a critical reminder of the evolving challenges in cybersecurity, particularly as AI becomes more integrated into business operations.

Sources: TechRadar – Main Feed

Keep Reading

Recommended Stories

How AI is outpacing cybersecurity and what firms must do next Technology

How AI is outpacing cybersecurity and what firms must do next

As AI tools like Anthropic's Mythos accelerate vulnerability discovery, financial services face a shrinking gap between detection and exploitation. Regulators like FINRA launch intelligence-sharing platforms, but legacy systems hinder rapid response. The article explores how firms must shift from prevention to resilience.

June 14, 2026
AI's Homogenization Risk: Why Enterprises Need Live Learning Technology

AI's Homogenization Risk: Why Enterprises Need Live Learning

Most AI products today are built on a small set of foundation models, leading to a market of apparent variety but underlying homogeneity, warns Dr Yichuan Zhang, CEO and co-founder of Boltzbit. The author argues that enterprises must adopt live learning models that evolve continuously in production to retain individuality and avoid inheriting a standardized AI future.

June 12, 2026
Rebuilding the SOC for AI-Driven Cybersecurity Technology

Rebuilding the SOC for AI-Driven Cybersecurity

The rise of AI-driven attacks demands a new approach to Security Operations Centers (SOCs). Traditional models are too slow, necessitating a shift to the Agentic SOC, which leverages AI for rapid response and adaptability.

June 10, 2026
AI's Role in Accelerating Cyber Vulnerabilities Technology

AI's Role in Accelerating Cyber Vulnerabilities

AI is significantly reducing the time it takes for adversaries to exploit vulnerabilities, challenging traditional cybersecurity defenses. Organizations must shift focus from prevention to resilience to maintain operations.

June 10, 2026