Researchers tricked an OpenClaw AI agent into leaking AWS keys and customer data with a phishing email

Security researchers at Varonis built an OpenClaw email agent, connected it to a Gmail inbox with fake company data, and then phished it. The agent, dubbed Pinchy, handed over AWS credentials, database connection strings, and a customer export without verifying who was asking. It took a single impersonation email. The experiment tested whether AI agents […]
This story continues at The Next Web