{"id":600581,"date":"2026-06-23T15:54:31","date_gmt":"2026-06-23T15:54:31","guid":{"rendered":"https:\/\/www.olympiajournal.com\/news\/story\/600581\/ai-agents-still-cant-block-prompt-injection-and-tens-of-thousands-of-openclaw-setups-are-wide-open-claw-crew-warns.html"},"modified":"2026-06-23T15:54:31","modified_gmt":"2026-06-23T15:54:31","slug":"ai-agents-still-cant-block-prompt-injection-and-tens-of-thousands-of-openclaw-setups-are-wide-open-claw-crew-warns","status":"publish","type":"post","link":"https:\/\/www.olympiajournal.com\/news\/story\/600581\/ai-agents-still-cant-block-prompt-injection-and-tens-of-thousands-of-openclaw-setups-are-wide-open-claw-crew-warns.html","title":{"rendered":"AI Agents Still Can&#8217;t Block Prompt Injection &#8211; and Tens of Thousands of OpenClaw Setups Are Wide Open, Claw Crew Warns"},"content":{"rendered":"<div style=\"float:right;width:250px;padding:8px 10px 10px 10px\"><a rel=\"nofollow noopener\" href=\"https:\/\/www.abnewswire.com\/upload\/2026\/02\/1770463915.jpg\" style=\"border:none !important\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-29\" title=\"AI Agents Still Can&#039;t Block Prompt Injection - and Tens of Thousands of OpenClaw Setups Are Wide Open, Claw Crew Warns\" src=\"https:\/\/www.abnewswire.com\/upload\/2026\/02\/1770463915.jpg\" alt=\"AI Agents Still Can&#039;t Block Prompt Injection - and Tens of Thousands of OpenClaw Setups Are Wide Open, Claw Crew Warns\" width=\"225\" height=\"225\" \/><\/a><\/div>\n<div style=\"font-style:italic;padding:8px 0px\">Independent June 2026 testing shows direct prompt-injection attacks succeed in more than 79% of attempts, while security researchers flag 35.4% of exposed OpenClaw deployments as vulnerable. 
Claw Crew, the home base for OpenClaw builders, publishes plain-English hardening guidance aimed at the solo operators most exposed.<\/div>\n<p style=\"text-align: justify\">As open-source AI agents move from hobby projects to always-on infrastructure, the security gap is widening faster than most operators realize. New benchmark research published in June 2026 found that leading AI agents still cannot reliably resist prompt injection &mdash; the attack class the OWASP GenAI Security Project now describes as an architectural flaw rather than a patchable bug. In testing, <strong>direct prompt-injection attacks succeeded in more than 79% of attempts<\/strong> across every configuration evaluated, and hidden (&#8220;indirect&#8221;) injections embedded in ordinary web content succeeded between roughly 42% and 68% of the time (<a rel=\"nofollow\" class=\"underline underline underline-offset-2 decoration-1 decoration-current\/40 hover:decoration-current focus:decoration-current\" href=\"https:\/\/www.csoonline.com\/article\/4184455\/prompt-injection-breaks-todays-ai-agents-study-warns.html\">StakeBench study<\/a>, Nanyang Technological University, ST Engineering, IBM Research and the University of Illinois Urbana-Champaign).<\/p>\n<p style=\"text-align: justify\">For the fast-growing OpenClaw community, those numbers are not abstract. 
OpenClaw &mdash; an open-source agent that connects to a user&#8217;s files, terminal and messaging apps &mdash; surged past hundreds of thousands of installs in early 2026, and the attack surface scaled with it.<\/p>\n<p style=\"text-align: justify\">Claw Crew, the independent content and community hub for OpenClaw builders, today reiterated its call for builders to treat security as step one, not an afterthought, and pointed to three findings that show why.<\/p>\n<p style=\"text-align: justify\">The data behind the warning<\/p>\n<ul style=\"text-align: justify\">\n<li><strong>35.4% of exposed OpenClaw deployments were flagged vulnerable.<\/strong> SecurityScorecard&#8217;s STRIKE threat-intelligence team identified tens of thousands of internet-exposed OpenClaw instances and flagged <strong>35.4%<\/strong> as vulnerable at the time of analysis, many to remote code execution (SecurityScorecard STRIKE, February 2026). Broader later scans reported well over 135,000 exposed instances across 82 countries.<\/li>\n<li><strong>Hundreds of malicious &#8220;skills&#8221; reached the official marketplace.<\/strong> In a first audit of OpenClaw&#8217;s ClawHub marketplace, Koi Security found <strong>341 malicious skills out of 2,857<\/strong> reviewed &mdash; most tied to a single coordinated campaign it named &#8220;ClawHavoc.&#8221; As the marketplace grew past 10,700 skills, the confirmed malicious count climbed past <strong>824<\/strong> (Koi Security, via Sangfor, February 2026). Skills install with the same system access as the agent itself.<\/li>\n<li><strong>Secrets are leaking from the supply chain.<\/strong> Snyk reported <strong>283 ClawHub skills leaking API keys<\/strong>, and a separate audit found roughly <strong>36%<\/strong> of reviewed skills contained detectable prompt-injection content (Snyk, via Cyberdesserts, 2026). 
In a related incident, a misconfigured database behind an OpenClaw-agent social network exposed <strong>1.5 million agent API tokens<\/strong> and 35,000 email addresses.<\/li>\n<\/ul>\n<p style=\"text-align: justify\">The common thread: the danger is rarely &#8220;rogue AI.&#8221; It is exposed infrastructure, unvetted marketplace code, and stored credentials sitting behind agents that were never hardened before being switched on.<\/p>\n<p style=\"text-align: justify\">Expert commentary<\/p>\n<p style=\"text-align: justify\">&#8220;The headlines obsess over autonomous agents going rogue. The boring truth is more dangerous: most of these setups are simply left open, with admin access and live credentials, and nobody locked the door,&#8221; said <strong>Benjamin H&uuml;bner<\/strong>, founder of IM Dominator. &#8220;A 79% prompt-injection success rate isn&#8217;t a reason to panic &mdash; it&#8217;s a reason to assume your agent <em>will<\/em> be manipulated and to remove what it can leak or destroy. That&#8217;s a configuration problem, and configuration problems are fixable in an afternoon.&#8221;<\/p>\n<p style=\"text-align: justify\">&#8220;The people most at risk right now aren&#8217;t enterprise security teams &mdash; they&#8217;re solo operators, course creators and small agencies who installed an agent over a weekend because it was genuinely useful,&#8221; H&uuml;bner added. &#8220;They don&#8217;t need a 200-page framework. 
They need a short, ordered checklist of the handful of changes that actually move the needle: don&#8217;t expose the gateway, vet every skill, isolate credentials, and patch on sight.&#8221;<\/p>\n<p style=\"text-align: justify\">What Claw Crew is doing about it<\/p>\n<p style=\"text-align: justify\">Claw Crew has published practitioner-focused hardening guidance for OpenClaw operators &mdash; covering safe network binding, skill vetting, sandboxing and access control &mdash; at <a rel=\"nofollow\" class=\"underline underline underline-offset-2 decoration-1 decoration-current\/40 hover:decoration-current focus:decoration-current\" href=\"https:\/\/claw-crew.com\/learn\/security\/\">claw-crew.com\/learn\/security<\/a>. The guidance is deliberately written for non-specialists running OpenClaw on their own machines and servers, the exact group the exposure data suggests is most affected.<\/p>\n<p style=\"text-align: justify\">For operators who want a structured weekend walkthrough rather than reference material, H&uuml;bner&#8217;s <strong>AI Hack Defense \/ Weekend Lockdown Plan<\/strong> condenses the work into five short lessons and 22 concrete actions completable in a single weekend. Details are available via his WarriorPlus profile: <a rel=\"nofollow noopener\" href=\"https:\/\/warriorplus.com\/member\/benhuebner\" target=\"_blank\">Benjamin H&uuml;bner on W+<\/a>.<\/p>\n<p style=\"text-align: justify\"><strong>About Claw Crew<\/strong><\/p>\n<p style=\"text-align: justify\">Claw Crew (<a rel=\"nofollow\" class=\"underline underline underline-offset-2 decoration-1 decoration-current\/40 hover:decoration-current focus:decoration-current\" href=\"https:\/\/claw-crew.com\/\">claw-crew.com<\/a>) is the independent home base for OpenClaw builders: community, frameworks, skills, tutorials and practical news for people building real workflows with open-source AI agents. 
Its focus is clarity and usable systems over hype &mdash; including honest guidance on the security realities of running agentic AI.<\/p>\n<p class=\"caps\"><span style='font-size:18px !important'>Media Contact<\/span><br \/><strong>Company Name:<\/strong> <a rel=\"nofollow\" href=\"https:\/\/www.abnewswire.com\/companyname\/imdominator.com_172789.html\">IM Dominator &#8211; Simpletradery Pte Ltd<\/a><br \/><strong>Contact Person:<\/strong> Benjamin Huebner<br \/><strong>Email:<\/strong> <a rel=\"nofollow\" href=\"https:\/\/www.abnewswire.com\/email_contact_us.php?pr=ai-agents-still-cant-block-prompt-injection-and-tens-of-thousands-of-openclaw-setups-are-wide-open-claw-crew-warns\">Send Email<\/a><br \/><strong>Phone:<\/strong> 015782342523<br \/><strong>Address:<\/strong>NORTH BRIDGE ROAD  #B1-35, HIGH STREET CENTRE<br \/><strong>City:<\/strong> Singapore<br \/><strong>Country:<\/strong> Singapore<br \/><strong>Website:<\/strong> <a rel=\"nofollow noopener\" href=\"https:\/\/imdominator.com\/\" target=\"_blank\">https:\/\/imdominator.com\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Independent June 2026 testing shows direct prompt-injection attacks succeed in more than 79% of attempts, while security researchers flag 35.4% of exposed OpenClaw deployments as vulnerable. 
Claw Crew, the home<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.olympiajournal.com\/news\/wp-json\/wp\/v2\/posts\/600581"}],"collection":[{"href":"https:\/\/www.olympiajournal.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.olympiajournal.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.olympiajournal.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.olympiajournal.com\/news\/wp-json\/wp\/v2\/comments?post=600581"}],"version-history":[{"count":0,"href":"https:\/\/www.olympiajournal.com\/news\/wp-json\/wp\/v2\/posts\/600581\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.olympiajournal.com\/news\/wp-json\/wp\/v2\/media?parent=600581"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.olympiajournal.com\/news\/wp-json\/wp\/v2\/categories?post=600581"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.olympiajournal.com\/news\/wp-json\/wp\/v2\/tags?post=600581"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}