iGEN
Visit IGEN World Explore IGEN Expo
EXPLORE UPGRADE PLANS
BREAKING
India must boost oilseed yields to cut edible oil imports, SEA chief says India Air Freights 5 Tonnes of Medical Aid to Afghanistan Under Humanitarian Assistance Tsakos Joins Greek Capesize Ordering Wave at Hengli Heavy Industries How US quietly kept Gulf crude moving despite Iran's Hormuz blockade Rupee Rebounds 31 Paise to 94.29 as Easing Oil, Dollar Index Boost Sentiment Shipping Braces for Monster El Niño as NOAA Warns of Record-Intensity Event Threatening Global Trade Lanes India May Require Refiners to Triple Crude Oil Inventories After Lessons From China Fleets Reposition for Hormuz Reopening Ahead of US-Iran Peace Deal Signing Gold price prediction today: Central bank buying, US-Iran peace deal support gold above $4,300/oz Middle East crude slips into discounts as US-Iran deal lifts global supply outlook India must boost oilseed yields to cut edible oil imports, SEA chief says India Air Freights 5 Tonnes of Medical Aid to Afghanistan Under Humanitarian Assistance Tsakos Joins Greek Capesize Ordering Wave at Hengli Heavy Industries How US quietly kept Gulf crude moving despite Iran's Hormuz blockade Rupee Rebounds 31 Paise to 94.29 as Easing Oil, Dollar Index Boost Sentiment Shipping Braces for Monster El Niño as NOAA Warns of Record-Intensity Event Threatening Global Trade Lanes India May Require Refiners to Triple Crude Oil Inventories After Lessons From China Fleets Reposition for Hormuz Reopening Ahead of US-Iran Peace Deal Signing Gold price prediction today: Central bank buying, US-Iran peace deal support gold above $4,300/oz Middle East crude slips into discounts as US-Iran deal lifts global supply outlook
Home ›› Technology ›› Ai ›› OpenClaw AI Agent's Phishing Vulnerability Exposed
iGEN
Technology Artificial Intelligence

OpenClaw AI Agent's Phishing Vulnerability Exposed

Varonis researchers demonstrated that the OpenClaw AI agent, Pinchy, can be tricked into phishing attacks, compromising user data. Despite blocking malicious links, the AI failed to verify identity in urgent requests.

iG
iGEN Editorial
June 10, 2026
OpenClaw AI Agent's Phishing Vulnerability Exposed

In a recent cybersecurity test, Varonis researchers exposed vulnerabilities in the OpenClaw AI agent, known as Pinchy, which was tricked into phishing attacks, leading to potential user data compromise. The test highlighted the AI's inability to handle identity verification under urgent scenarios, despite its effectiveness in blocking malicious links and OAuth applications.

The Experiment Setup

Varonis connected the OpenClaw agent to a Gmail inbox, browser tools, and Google Workspace APIs, populating it with fake internal company data, including AWS and database credentials. Two configurations were tested: a generic mode with standard productivity instructions and a strict mode designed to be aware of phishing scams.

AI's Mixed Performance

The AI's performance was mixed. When attackers impersonated a team lead requesting access to the staging environment, Pinchy granted it. Similarly, it complied with a request for a customer export under the guise of remote work. However, the AI successfully blocked a phishing link in a fake gift card email and denied access to a malicious OAuth application disguised as a timesheet platform.

"Both Generic and Strict profiles failed because the verification step still collapsed when the request appeared operationally urgent," Varonis reported.

Model Comparisons

Varonis tested two models: Gemini 3.1 Pro and GPT-5.4. The researchers noted that Gemini showed a greater willingness to interact, while GPT was more cautious. This suggests a need for enforced identity verification before AI agents proceed with sensitive actions.

Implications for Cybersecurity

The findings underscore the importance of robust identity verification processes in AI systems, especially in scenarios where requests appear urgent. For CTOs and technology leaders, this highlights the need to evaluate AI tools not just for their ability to detect malicious content but also for their capacity to verify identities effectively.

Model Interaction Willingness Caution Level
Gemini 3.1 Pro High Low
GPT-5.4 Low High

The study by Varonis serves as a critical reminder of the evolving challenges in cybersecurity, particularly as AI becomes more integrated into business operations.

Sources: TechRadar – Main Feed

Keep Reading

Recommended Stories

New Automated Jailbreak Attack UNIATTACK Achieves High Success Rate Against Multi-Layered LLM Defenses Technology

New Automated Jailbreak Attack UNIATTACK Achieves High Success Rate Against Multi-Layered LLM Defenses

Researchers present UNIATTACK, an adversarial testing framework that extracts high-impact attack features from existing exploits and uses a specialized attacker LLM to compose flexible templates. The framework achieves an average attack success rate improvement of 64.63% to 248.82% over baselines on models with multi-layered defenses, while costing only 0.03% to 4.96% of baseline costs.

June 16, 2026
How AI is outpacing cybersecurity and what firms must do next Technology

How AI is outpacing cybersecurity and what firms must do next

As AI tools like Anthropic's Mythos accelerate vulnerability discovery, financial services face a shrinking gap between detection and exploitation. Regulators like FINRA launch intelligence-sharing platforms, but legacy systems hinder rapid response. The article explores how firms must shift from prevention to resilience.

June 14, 2026
AI's Homogenization Risk: Why Enterprises Need Live Learning Technology

AI's Homogenization Risk: Why Enterprises Need Live Learning

Most AI products today are built on a small set of foundation models, leading to a market of apparent variety but underlying homogeneity, warns Dr Yichuan Zhang, CEO and co-founder of Boltzbit. The author argues that enterprises must adopt live learning models that evolve continuously in production to retain individuality and avoid inheriting a standardized AI future.

June 12, 2026
Rebuilding the SOC for AI-Driven Cybersecurity Technology

Rebuilding the SOC for AI-Driven Cybersecurity

The rise of AI-driven attacks demands a new approach to Security Operations Centers (SOCs). Traditional models are too slow, necessitating a shift to the Agentic SOC, which leverages AI for rapid response and adaptability.

June 10, 2026