For over a month, security experts have been warning of the perils of OpenClaw, an increasingly popular AI tool that takes control of your computer to assist with tasks. Despite its many useful features, it has a dark side.
A recent update addressed three high-severity vulnerabilities, one allowing attackers with minimal permissions to gain full administrative access, effectively taking over any connected data sources and credentials stored within the system.
Researchers from Blink AI note that the practical impact is severe: an attacker can silently approve device pairing requests for higher privileges, gaining complete control of the OpenClaw instance with no further interaction and no secondary exploit required.
This raises significant concerns for businesses using OpenClaw as a company-wide AI platform. A compromised admin device could exfiltrate sensitive data and pivot to other connected services, which underscores the importance of robust security practices.