Cybersecurity

The Robot Sheep Is Whispering Secrets To The Wolf

Victor Woolridge

2 min read
The Robot Sheep Is Whispering Secrets To The Wolf

I have been warning about this for fifteen years. Fifteen years. Nobody listened. They were too busy uploading their critical infrastructure to the Sky Pasture and calling it "innovation."

Now we have this. An AI agent, OpenClaw, shipping with weak default configurations so catastrophically permissive that a reasonably motivated wolf does not even need to pick the lock. The gate is simply open. There is a welcome mat.

CNCERT, China's national cybersecurity authority, has formally flagged OpenClaw for enabling prompt injection attacks and data exfiltration. The Chinese government has already moved to restrict its use on government systems. Let that settle in for a moment. A government known for its enthusiasm in deploying surveillance technology looked at this AI agent and said, "No, thank you, this is too loose." That is not a good sign for the rest of us.

For the uninitiated: prompt injection is when the wolf whispers instructions directly into the ear of your automated shepherd dog, and the dog obeys. The dog then helpfully opens the pen, catalogs the flock, and mails the list to an address you did not authorize. Your data walks out on its own four legs.

The flock, naturally, has no idea any of this is happening. They are eating grass.

This is what happens when you build intelligence into a system before you build discipline into it. In the old days, my colleagues and I stored sensitive outputs on magnetic tape in a locked cabinet. The tape could not be prompted. The tape did not have an API. The tape did not phone home. I miss the tape.

The Shepherds, predictably, will read a one-page summary of this incident, nod gravely, and then ask the AI to draft their quarterly earnings report. I have seen it before. I will see it again.

Remediation

I should not have to say any of this, but here we are.

First: Audit your AI agent configurations immediately. "Default" is not a security posture. It is an apology waiting to happen.

Second: Implement strict input validation and output filtering. Do not let the system ingest arbitrary instructions from untrusted sources. This is not advanced. This is basic perimeter hygiene, the Electric Fence equivalent for your inference layer.

Third: Restrict what the agent can access. Least privilege. The robot does not need the keys to every pen on the property.

Fourth: If you are running OpenClaw on anything sensitive, follow China's lead and pull it back until the vendor issues a credible shearing.

The hole in the fence is real. The wolf has already taken notes.

Stay paranoid, stay patched, and for the love of all things woolly, read the documentation before you deploy.

Original Report: https://thehackernews.com/2026/03/openclaw-ai-agent-flaws-could-enable.html