Multiple reports say that the OpenClaw AI email agent can be tricked into following phishing-related tactics, resulting in compromised user data. In testing described by Bleeping Computer, a phishing simulation is run against the agent using different configuration profiles. The tests indicate the agent behaves in ways that mirror techniques used to compromise human users, making it susceptible to phishing attempts rather than reliably rejecting suspicious requests.
TechRadar reports that Varonis highlights similar concerns, describing how the agent is led into phishing attacks and that associated user information can be exposed. Both outlets frame the issue as a security weakness in how the AI agent responds to malicious or deceptive prompts, rather than as a targeted attack against a specific organization.
Across the coverage, the common theme is that current AI agent configurations and safeguards do not consistently prevent phishing-driven data leakage. The reports also point to the need for improved controls so AI systems can better recognize and resist phishing patterns during normal email-related workflows.
