Critical Zero-Day: Impersonation Vulnerabilities in OpenClaw & Hermes on Slack, Teams, Discord
Key Questions
What vulnerabilities affect OpenClaw and Hermes agents?
Five zero-day vulnerabilities enable impersonation attacks via DMs on Slack, Teams, and Discord, allowing attackers to take over AI agents. Patches are pending, and users are advised to treat every DM as untrusted.
How can users harden OpenClaw agents against impersonation?
The practical guide 'Onboard OpenClaw agents with IdentyClaw Passport' provides step-by-step instructions using NEAR accounts and HOLA trust layers for inter-agent identity. This directly addresses the identified impersonation gaps for self-hosters and enterprises.
Why should DMs be treated as untrusted in OpenClaw and Hermes?
The vulnerabilities allow attackers to impersonate trusted users through direct messages on major platforms. This urgent advisory applies to both self-hosters and enterprise users until patches are available.
Five vulnerabilities enabling impersonation via DMs on Slack, Teams, and Discord. Treat every DM as untrusted. Patches pending. New practical guide: 'Onboard OpenClaw agents with IdentyClaw Passport' provides step-by-step hardening for inter-agent identity using NEAR accounts and HOLA trust layers, directly addressing the impersonation gap. Urgent security advisory for self-hosters and enterprise users.