ClawJacked Vulnerability in OpenClaw Could Let Websites Hijack AI Agents

Is your AI assistant safe? Oasis Security researchers have found a critical ClawJacked vulnerability in OpenClaw that allows hackers to hijack AI agents through a simple browser tab.

It has been a whirlwind few months for Peter Steinberger and his creation, OpenClaw. The AI tool, which acts as a personal assistant for developers, exploded in popularity, racking up 100,000 GitHub stars in less than a week. It even caught the eye of OpenAI’s Sam Altman, who recently brought Steinberger on board, calling him a genius. But according to researchers at Oasis Security, that rapid success came with a hidden danger.

The Oasis Research team has just released details on ClawJacked (CVE-2026-25253), a significant vulnerability chain that effectively allowed any website to take over a person’s AI agent. For your information, this isn’t a problem with a fancy plugin or a shady download; it was a flaw ...