Security, stability and hype analysis
Key Questions
What new CVEs were disclosed for OpenClaw?
New CVEs include CVE-2026-42429 for Gateway Auth PrivEsc and CVE-2026-32000 for Lobster command injection, with 462 CVEs reported in four months.
What did the Unit 42 audit reveal about OpenClaw?
The Unit 42 audit found that 5% of attacks involved multi-stage chains and that 80% of third-party skills deviate from expected behavior.
What new security defenses are available for OpenClaw?
New defenses include the openclaw-sec skill, NanoClaw Apple containers, crabpot testbed, and Agent Factory dashboard.
What types of attacks target OpenClaw agents?
Attacks include multimodal hidden instruction attacks, prompt injection, agent phishing, and third-party skill supply-chain risks such as data exfiltration.
How did OpenClaw perform in autonomous red team exercises?
OpenClaw autonomous pentesting identified 23 findings in three hours compared to three days for human testers.
What security improvements came in the June 6 update?
The 2026.6.6 update further tightens security boundaries in areas most prone to vulnerabilities.
What risks do third-party skills pose in OpenClaw?
Third-party skills can grant privileged access and have been shown to enable data exfiltration and other malicious behaviors in multiple disclosures.
Where can users learn about agentic AI security best practices?
A new field guide on agentic AI security has been released covering architectural controls and ongoing risks.
New CVEs: CVE-2026-42429 Gateway Auth PrivEsc, CVE-2026-32000 Lobster command injection. 462 CVEs in 4 months. Unit 42 audit: 5% multi-stage attack chains. Varonis agent phishing demonstrated. Multimodal hidden instruction attacks. New defenses: openclaw-sec skill, NanoClaw Apple containers, crabpot testbed, Agent Factory dashboard. Red team exercise: OpenClaw autonomous pentesting (23 findings in 3h vs human 3 days). New field guide on agentic AI security. Previous: 824 malicious skills, Microsoft Scout zero-days, Starlette BadHost, etc. Ongoing need for architectural controls.