A critical security vulnerability in the OpenClaw AI platform has been patched, the company confirmed. The flaw, if exploited, could have allowed a malicious website to connect to and take control of a user’s locally running AI agent.

The issue, dubbed “ClawJacked,” resided in the core OpenClaw gateway software. According to a statement from the company, the vulnerability was present in the system’s default configuration, requiring no additional plugins or user-installed extensions to be exploitable.

Nature of the Security Flaw

The vulnerability exploited the WebSocket connection used by the OpenClaw agent to communicate. A specially crafted malicious website could initiate a connection to the locally running AI agent, bypassing normal security controls. This could lead to a complete takeover of the agent’s functions.

OpenClaw has classified the issue as high severity. The company’s statement emphasized that the flaw existed in the bare gateway software operating exactly as documented, highlighting a fundamental design oversight rather than a problem with third party add ons.

Immediate Response and Patch

Upon discovery, OpenClaw’s security team developed and released a patch. The update addresses the improper access controls that permitted the unauthorized WebSocket connections. Users are strongly advised to update their local OpenClaw installations immediately to the latest version.

The company has not disclosed whether the vulnerability was discovered internally or reported by an external security researcher. No evidence has been found suggesting active exploitation of the flaw in the wild before the patch was issued.

Broader Implications for AI Security

This incident underscores growing security concerns as AI agents become more prevalent on personal devices. Local AI agents, which process sensitive data and perform automated tasks, present a new attack surface for cyber threats.

Security experts note that vulnerabilities allowing remote code execution or control over local AI processes could lead to data theft, fraud, or further network compromise. The OpenClaw case serves as a cautionary example for other developers in the rapidly expanding AI assistant market.

The patching of the ClawJacked flaw is expected to be followed by increased scrutiny of similar AI platforms. Industry analysts predict a wave of security audits focused on the communication channels and authentication mechanisms used by local AI agents.

OpenClaw has stated its commitment to continuing a review of its core architecture. The company plans to implement additional security hardening measures in future releases to prevent similar vulnerabilities.