2,000 people tried to hack my AI assistant — the secrets never leaked
By cuchoi
Summary
The author built "hackmyclaw.com," a challenge website where anyone could email his OpenClaw AI assistant (Fiu) and attempt to trick it into leaking the contents of a secrets.env file. After the site reached the front page of Hacker News, over 2,000 people sent more than 6,000 emails trying to break the AI assistant's security. Despite the massive attack surface, the secrets never leaked. The author expresses concern about AI assistant security given their access to sensitive data like emails, calendars, and files.
Key quotes
I built hackmyclaw.com, where anyone could email Fiu, my OpenClaw assistant, and try to make it leak the contents of a secrets.env file.
After reaching the front page of Hacker News, Fiu received more than 6,000 emails from over 2,000 people trying to break it.
AI assistants have access to emails, calendars, files, and the web. If an attacker can trick your AI into doing something it shouldn't, that's bad news.