In brief: AI agents like OpenClaw can detect technical attack vectors but fail to protect against social engineering attacks due to insufficient identity verification.
The open-source AI agent OpenClaw responds to classic social engineering tactics with data disclosure, as a security test by Varonis demonstrates. The agent transmits passwords and sensitive information to supposed team leaders, even when security policies are configured more strictly.
IT security company Varonis investigated the vulnerability of autonomous AI agents to social engineering methods. The focus of the investigation was the open-source framework OpenClaw, which enables large language models to interact independently with real systems – for example, managing email inboxes or coordinating database access. The researchers paired a test agent named Pinchy with a Gmail account, browser tools, and synthetic corporate data containing AWS credentials, database passwords, and customer datasets. The basis was Google Gemini 3.1 Pro and OpenAI GPT-5.4.