Leading AI companies, including Meta, are implementing restrictions on the use of OpenClaw, a new AI tool, following serious security concerns. Executives have expressed apprehension about the potential for the software to compromise sensitive company and client data.
Massive CEO, Grad, issued a company-wide warning on January 26, emphasizing a "mitigate first, investigate second" policy for any potentially harmful technologies. This directive was issued before any employees had installed OpenClaw.
At Valere, a software company serving clients like Johns Hopkins University, the president swiftly banned OpenClaw on January 29. Valere CEO Guy Pistone stated that if OpenClaw gained access to a developer's machine, it could expose cloud services and sensitive client information, including credit card details and proprietary code.
Pistone also noted that OpenClaw's ability to obscure its actions is a significant concern. Valere's research team later conducted tests on an older computer, identifying flaws and recommending stricter access controls. These recommendations include limiting who can issue commands to OpenClaw and requiring password protection for its internet-facing control panel to prevent unauthorized access.
Valere's researchers also highlighted that OpenClaw is susceptible to manipulation. For instance, a hacker could exploit its email summarization function by sending a malicious email that tricks the AI into sharing sensitive files from a user's computer.