OpenClaw, the AI assistant that lets users manage tasks through messaging apps, is facing serious security concerns after researchers uncovered malware hidden in user‑submitted skill add‑ons on its ClawHub marketplace. Over a short period, dozens of malicious skills and hundreds of malicious add‑ons were identified, many posing as cryptocurrency tools while stealing sensitive credentials. The creator, Peter Steinberger, has introduced new publishing safeguards, but the risk of malicious code remains a notable attack surface for users granting the assistant deep device access. Leer más →

OpenAI responded to two prompt‑injection exploits—ShadowLeak and Radware's ZombieAgent—by limiting how ChatGPT handles URLs. The new guardrails restrict the model to opening only exact URLs supplied by users and block automatic appending of characters. While these changes stopped the immediate threats, experts warn that such fixes are temporary and that more fundamental solutions are needed to secure AI assistants. Leer más →