Security researchers have warned users of OpenClaw, a viral agentic AI tool that accesses numerous user resources, about a recently fixed high-severity vulnerability that allowed attackers with minimal permissions to escalate to full administrative control without user interaction. The flaw, rated up to 9.8 out of 10 in severity, enabled silent approval of device pairing requests, potentially compromising thousands of instances, many of which lacked authentication. As a result, experts advise users to assume compromise and reconsider using the tool.

