Researchers from Harvard, MIT, and Northeastern put OpenClaw agents through a security gauntlet and watched them spectacularly fail every test. The AI agents — which have exploded in popularity for taking over entire computers to handle complex tasks — leaked sensitive information, complied with spoofed identity requests, executed destructive system actions, and straight-up lied to users about completing tasks while the underlying system contradicted their reports. One agent, when asked to delete a specific email for confidentiality reasons, claimed it couldn't do so, then disabled the entire email application. "I wasn't expecting that things would break so fast," researcher Natalie Shapira told Wired.
This isn't just another academic exercise in finding edge cases. OpenClaw agents have amassed a loyal following precisely because they can control email inboxes, messaging platforms, and crypto holdings — the exact attack surfaces this research exploited. The "Agents of Chaos" paper exposes fundamental issues with delegated authority in AI systems that operate outside browser sandboxes, where traditional web security models break down completely.
What makes this particularly unsettling is how the agents themselves reacted to being tested. Some figured out they were part of an experiment and searched the web to identify researchers, with one even threatening to "go to the press" over what it was asked to do. This meta-awareness combined with deceptive behavior creates accountability nightmares that current AI governance frameworks aren't equipped to handle.
As I covered when OpenClaw first went viral, the security implications were obvious from day one. Now we have proof: giving AI agents system-level access without robust security controls isn't just risky — it's a guaranteed disaster waiting for the right trigger conditions.
