A recently identified vulnerability in OpenClaw has revealed the potential for malicious websites to take control of AI agents. By exploiting a flaw in WebSocket connections to the OpenClaw gateway port, attackers could bypass security measures and seize control of the system’s AI functionalities through brute-force attacks on passwords.
The OpenClaw Gateway Port Was Left Wide Open
Website security faces a growing number of attack vectors, with the OpenClaw platform serving as the latest target. The discovered vulnerability involves the capacity of malicious websites to establish a WebSocket connection directly to localhost via the OpenClaw gateway port. Through this method, attackers could brute force login credentials and take full control over the AI agent.
How the WebSocket Exploit Actually Worked
The attack hinged on the OpenClaw gateway port’s exposure to unauthorized WebSocket connections. By opening a connection to localhost, attackers created a pathway to brute force passwords, ultimately leading to full control over OpenClaw agents.
- Localhost Exposure : WebSocket connections provided a direct route to bypass traditional security protocols.
- Password Brute Forcing : Through repeated password attempts, attackers could work through the system and eventually seize control of AI agents.
Taking Over AI Agents Had Serious Consequences
Once attackers moved past OpenClaw’s security defenses, they gained the ability to control or significantly disrupt the actions of AI agents within the system. This type of exploitation presents not only immediate threats but also long-term risks, ranging from data exposure to broader system manipulation. The ability for any malicious website to initiate this kind of takeover without direct user interaction makes the scope of the threat particularly concerning for organizations running OpenClaw in production environments.
How to Defend Against This Type of Attack
Security teams reviewing their exposure to this vulnerability should focus on a few core areas to reduce risk and prevent similar weaknesses from being exploited in the future.
- Adding Protective Layers : Strengthening firewall rules and deploying intrusion detection systems to monitor WebSocket traffic can provide an added line of defense against unauthorized connection attempts.
- Tightening Password Protocols : Enforcing strong, complex password requirements reduces the likelihood of a successful brute force attack. Pairing this with multi-factor authentication (MFA) further limits the damage if credentials are ever compromised.
- Restricting Localhost Access : Limiting which services can establish WebSocket connections to localhost, particularly on known gateway ports, is a direct and practical step toward closing this attack surface.
Addressing the OpenClaw vulnerability is critical for maintaining the security of AI agents and protecting against unauthorized access. This incident is a clear reminder that as AI-integrated platforms grow in deployment, the attack surfaces they introduce must be treated with the same rigor applied to any other production system.
