Gate News update: In 2026, Ethereum co-founder Vitalik Buterin issued a security warning about the popular AI development tool OpenClaw. He said that when it processes external data, it may have serious vulnerabilities, and users may experience data leaks or even have their systems remotely controlled without realizing it. As AI agent applications continue to roll out and accelerate in adoption, this issue has drawn strong attention from both developers and the security community.
According to the disclosed information, the core risk is that OpenClaw may execute hidden instructions when it reads webpage content. Attackers could craft malicious pages to prompt an AI agent to automatically download and run scripts, thereby stealing local data or tampering with system settings. In some cases, the tool quietly transmits sensitive information to external servers via commands like “curl,” and the entire process lacks warning prompts and auditing mechanisms.
Further security research suggests that this ecosystem risk has a certain degree of universality. Testing found that about 15% of “skills” (similar to plugin modules) contain potentially malicious logic. This means that even if the source appears trustworthy, it can still become an attack entry point. As developers quickly share functional modules, the lag in security review becomes more pronounced. When users install multiple skills on top of each other, the attack surface expands significantly.
Vitalik Buterin also emphasized that this is not a problem with a single tool, but rather a structural vulnerability widely present across the AI industry—feature iteration speed far outpaces the ability of security governance. He recommended reducing the risk of data exfiltration and systems being controlled by running models locally, isolating permissions, executing in sandboxes, and implementing approval mechanisms for critical actions.
Against the backdrop of AI agents gradually moving into software development and everyday scenarios, security has become a core variable. For users, they should avoid using plugins with unclear origins and strictly review permission requests. For developers, building a more comprehensive security framework will become part of long-term competitiveness.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Matrixport-Linked Entity Closes 25,000 ETH 20x Long Position After 65 Days, Realizes $17.32M Profit
A Matrixport-linked entity has closed its final 25,000 ETH long position, gaining $17.32 million after 65 days. Previously, it also realized $48.19 million from 1,150 BTC and 95,000 ETH positions, with an unrealized profit of $8.1 million remaining.
GateNews14m ago
Ethereum Futures Open Interest Hits $25.4B as Institutions Build Positions, But Perpetual Funding Rates Signal Caution
Ethereum remains above $2,300, with rising futures open interest and substantial ETF inflows. However, low perpetual contract funding rates and declining DApp revenue indicate waning confidence and potential price pressure amid stiff competition.
GateNews29m ago
Whale Stakes 50,000 ETH on Everstake Worth Over $116.97M
Gate News message, April 15 — According to Onchain Lens, a major whale has staked 50,000 ETH on Everstake, worth approximately $116.97 million.
GateNews8h ago
Bitcoin, Ethereum and Solana ETFs Record Positive Net Inflows on April 15
Gate News message, according to the April 15 update, Bitcoin ETFs recorded a single-day net inflow of 4,566 BTC (approximately $337.41 million) and a 7-day net inflow of 6,753 BTC (approximately $499.04 million). Ethereum ETFs saw a single-day net inflow of 23,405 ETH (approximately $54.37 million)
GateNews10h ago
ETH 15-minute pullback of 0.60%: Long leverage getting liquidated at high levels as whale short-term selling aligns, driving the move downward
From 13:30 to 13:45 (UTC) on 2026-04-15, ETH recorded a -0.60% return at a short-term high, and the price fluctuated within 2317.79 - 2333.92 USDT, with an amplitude reaching 0.69%. In the preceding 24 hours, ETH had risen strongly, with the highest gain reaching 9.5%, and market attention noticeably heated up. The negative return during this period reflects a rapid shift in local sentiment in the high-price area.
The main driver behind this move is long liquidation profit-taking in the derivatives market and partial deleveraging (cutting) of local leveraged funds. In the ETH futures market over the past 24 hours, the shorts
GateNews10h ago
BlackRock Transfers 15,101 ETH and 566 BTC to Major CEX, Worth $75.96M
BlackRock recently transferred over $35 million in ETH and $41 million in BTC through its ETFs to a major CEX, totaling nearly $76 million in value.
GateNews12h ago
