>> Security vulnerabilities are bad but the blast radius is limited to the person who gets pwnd
No? Via prompt injection an attacker can gain access to the entire machine, which can have things like credentials to company systems (e.g. env variables). They can also learn private details about the victim’s friends and family and use those as part of a wider phishing campaign. There are dozens of similar scenarios where the blast radius reaches well beyond the victim.
Agree with author - it's especially scary that even without getting hacked, OpenClaw did something harmful.
That's not to say that prompt injection isn't also scary. It's just that software getting hacked by bad actors has always been a thing. Software doing something scary when no human did anything malicious is worse.
>> No? Because I wouldn't give it access to those things.
Not everyone is like that. In fact, OpenClaw's true "power" is unlocked when the user gives it full access. That's what the overwhelming majority of hype is coming from. Most people who actually get a lot of value out of it don't run it in, e.g., Docker containers on VPSs that can only be accessed via Tailscale + SSH.