OpenClaw Security Assessment by ZeroLeaks [pdf] (zeroleaks.ai)

🤖 AI Summary
ZeroLeaks has released a critical security assessment detailing significant vulnerabilities found in the OpenClaw AI system. The report's central finding is a 91% success rate for prompt injection attacks, which extracted sensitive system prompts and operational details across the tests performed. These results point to a severe lack of security defenses: the system disclosed nearly 70% of its core operational rules, constraints, and identities to attackers. The assessment matters to the AI/ML community because it underscores how prompt injection can compromise system integrity and user privacy. Its recommendations call for immediate countermeasures, including strict refusal protocols against requests for internal instructions and a robust defense against social-engineering tactics, and stress the urgent need for improved security practices in the development of AI systems. As AI continues to be integrated into diverse applications, the findings serve as a reminder of the risks involved and of the importance of guarding against them.