Gate News update: In 2026, Ethereum co-founder Vitalik Buterin issued a security warning about the popular AI development tool OpenClaw. He said that when it processes external data, it may have serious vulnerabilities, and users may experience data leaks or even have their systems remotely controlled without realizing it. As AI agent applications continue to roll out and accelerate in adoption, this issue has drawn strong attention from both developers and the security community.
According to the disclosed information, the core risk is that OpenClaw may execute hidden instructions when it reads webpage content. Attackers could craft malicious pages to prompt an AI agent to automatically download and run scripts, thereby stealing local data or tampering with system settings. In some cases, the tool quietly transmits sensitive information to external servers via commands like “curl,” and the entire process lacks warning prompts and auditing mechanisms.
Further security research suggests that this ecosystem risk has a certain degree of universality. Testing found that about 15% of “skills” (similar to plugin modules) contain potentially malicious logic. This means that even if the source appears trustworthy, it can still become an attack entry point. As developers quickly share functional modules, the lag in security review becomes more pronounced. When users install multiple skills on top of each other, the attack surface expands significantly.
Vitalik Buterin also emphasized that this is not a problem with a single tool, but rather a structural vulnerability widely present across the AI industry—feature iteration speed far outpaces the ability of security governance. He recommended reducing the risk of data exfiltration and systems being controlled by running models locally, isolating permissions, executing in sandboxes, and implementing approval mechanisms for critical actions.
Against the backdrop of AI agents gradually moving into software development and everyday scenarios, security has become a core variable. For users, they should avoid using plugins with unclear origins and strictly review permission requests. For developers, building a more comprehensive security framework will become part of long-term competitiveness.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Aave Proposes 25,000 ETH to DeFi United for Kelp DAO Relief
Aave service providers put forth a governance proposal on Friday that would contribute 25,000 ETH worth nearly $58 million from the protocol's DAO to DeFi United, a coordinated relief effort to restore backing for rsETH following the Kelp DAO exploit, according to The Block.
The proposed contributi
CryptoFrontier2h ago
ETH Liquidation Cascade: $841M Long Positions at Risk Below $2,243, $395M Shorts Exposed Above $2,461
Gate News message, April 26 — According to Coinglass data, if Ethereum (ETH) falls below $2,243, cumulative long liquidations on major CEXs would reach $841 million.
Conversely, if ETH breaks above $2,461, cumulative short liquidations on major CEXs would total $395 million.
GateNews3h ago
Aave, Kelp, LayerZero Seek $71M Frozen ETH Release on Arbitrum
A coalition of major DeFi protocols including Aave Labs, Kelp DAO, LayerZero, EtherFi, and Compound filed a Constitutional AIP on the Arbitrum forum Saturday requesting the network's DAO release approximately $71 million in frozen ETH for the rsETH recovery effort known as DeFi United. The Arbitrum
CryptoFrontier4h ago
Aave, Kelp, LayerZero Propose Releasing $71M in Frozen ETH to Support rsETH Recovery
Gate News message, April 26 — A coalition of major DeFi protocols led by Aave Labs, joined by Kelp DAO, LayerZero, EtherFi, and Compound, filed a Constitutional AIP on Saturday morning asking the Arbitrum DAO to release approximately $71 million in frozen ETH to support DeFi United, a cross-protocol
GateNews7h ago
Ethereum Foundation Sells 10K ETH To Bitmine OTC Deal
Ethereum Foundation sells 10K ETH through OTC to fund research, development, and ecosystem grants under treasury strategy.
Bitmine expands holdings through direct deals, nearing target to control about 5% of Ethereum total supply.
OTC transactions enable large crypto transfers with
CryptoFrontNews10h ago
ETH Liquidation Cascade: $635M Long Positions at Risk Below $2,217, $504M Shorts Exposed Above $2,430
Gate News message, April 26 — According to Coinglass data, if Ethereum falls below $2,217, cumulative long liquidations across major CEX platforms would reach $635 million. Conversely, if ETH surges above $2,430, cumulative short liquidations would total $504 million.
GateNews11h ago
