AntGroup's AI Security Lab ran a 3-day audit against OpenClaw and disclosed 33 vulnerabilities — notably a critical /pair approve command with zero scope validation and no audit trail. 8 were patched immediately in 2026.3.28; the remaining 25 were fixed over subsequent weeks. No breach occurred — the audit was proactive.
AntGroup's AI Security Lab conducted a proactive 3-day security audit of OpenClaw — a framework whose agents hold access to email, calendar, files, and terminal. The audit surfaced 33 vulnerabilities spanning authorization, input handling, and secret management. The most severe was in the /pair approve command, which performed zero scope validation on the caller, allowing any low-privilege operator to silently approve admin-level device pairings with no audit-log entry. Because the audit was proactive rather than reactive to a breach, OpenClaw had a short window to patch before public disclosure. 8 vulnerabilities (1 critical, 4 high, 3 medium) shipped fixes in 2026.3.28 concurrent with the public advisory; the remaining 25 were addressed over the following 6 weeks.
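The missing control is easier to review as code. The sketch below is an added example, not OpenClaw's code: the function names, scope strings (`pairing:approve`, `admin`) and record shapes are hypothetical. It contrasts an approval handler that never checks the caller with one that denies by default, refuses to grant scopes the approver does not hold, and logs every decision.

```javascript
// Added illustration: names, scopes and record shapes are hypothetical, not OpenClaw's API.
const auditLog = []; // in-memory stand-in for an append-only audit sink

function audit(caller, request, outcome, reason) {
  const entry = Object.freeze({
    ts: new Date().toISOString(), event: "pair.approve", caller: caller.id,
    device: request.deviceId, requested: [...request.scopes], outcome, reason,
  });
  auditLog.push(entry);
  return entry;
}

// Flawed shape the audit describes: caller's scope is never checked, nothing is logged.
function approvePairingUnchecked(caller, request) {
  return { approved: true, deviceId: request.deviceId, scopes: [...request.scopes] };
}

// Hardened shape: the caller needs the approval right, cannot grant a scope
// they do not hold themselves, and both denials and approvals are audited.
function approvePairing(caller, request) {
  const held = new Set(caller.scopes);
  const excess = request.scopes.filter((s) => !held.has(s));
  let reason = null;
  if (!held.has("pairing:approve")) reason = "caller lacks pairing:approve";
  else if (excess.length > 0) reason = "scopes exceed caller's own: " + excess.join(",");
  if (reason !== null) {
    audit(caller, request, "denied", reason);
    return { approved: false, reason };
  }
  audit(caller, request, "approved", null);
  return { approved: true, deviceId: request.deviceId, scopes: [...request.scopes] };
}

// Constructed sample callers and pairing request.
const operator = { id: "op-7", scopes: ["pairing:approve", "calendar:read"] };
const admin = { id: "adm-1", scopes: ["pairing:approve", "calendar:read", "admin"] };
const adminDevice = { deviceId: "dev-42", scopes: ["admin"] };

function demo() {
  return {
    unchecked: approvePairingUnchecked(operator, adminDevice).approved, // true, unlogged
    lowPrivilege: approvePairing(operator, adminDevice).approved,       // false, logged
    adminCaller: approvePairing(admin, adminDevice).approved,           // true, logged
    auditEntries: auditLog.length,
  };
}
console.log(demo());
```
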
The Actual Culprit
A framework built by a small team outran its own security-review capacity. Critical authorization paths (pairing, scope checks) had never been audited by an external red team until AntGroup.
33 findings pre-breach is a fraction of the cost of 33 findings post-breach. Budget for external audits before you think you need one.
Every scope check, every approval path, every privilege boundary — someone other than the author should review it before it ships.