‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery
Four vulnerabilities in OpenClaw can be chained together to steal credentials, escape the sandbox, and plant persistent backdoors.
Four vulnerabilities in the OpenClaw AI assistant can be chained together to plant backdoors on the underlying host, cybersecurity firm Cyera warns.
The bugs, collectively known as Claw Chain, allow an attacker with code execution privileges inside the sandbox to control the agent runtime and abuse it to compromise the system.
According to Cyera, the attacker can rely on prompt injections, malicious plugins, and compromised external input to trigger the attack chain and turn the AI into their own assistant.
Source: https://www.securityweek.com/claw-chain-openclaw-flaws-allow-sandbox-escape-backdoor-delivery/
Related breach coverage
- RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries (2026-05-27)
Using an AI model called BinNet, RevEng hunts vulnerabilities and backdoors in released software binaries.
- Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack (2026-05-25)
Fake automated commits injected GitHub Actions workflows containing payloads to steal credentials, CI secrets, keys, and tokens.
- ‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems (2026-05-27)
Malicious repositories and disguised symlinks can trick AI coding agents into silently installing attacker-controlled MCP servers capable of stealing secrets, compromising CI pipelines, and deploying malicious code.
- Anthropic Releases New Claude Sandbox, Security Guidance Plugin (2026-05-27)
The AI giant says the new plugin, which helps developers find vulnerabilities as they write code, has been used extensively internally.
