AI agents are a risky business. Even when stuck inside the chatbox window, LLMs will make mistakes and behave badly. Once they have tools that they can use to interact with the outside world, such as web browsers and email addresses, the consequences of those mistakes become far more serious.

OpenClaw: a DIY AI assistant

OpenClaw, created by engineer Peter Steinberger, allows users to develop custom assistants based on LLMs. This implies sharing large amounts of personal data, such as emails and hard disk contents, raising concerns among security experts. The Chinese government has even issued a public warning about the security risks associated with OpenClaw.

Risks and vulnerabilities

Using OpenClaw exposes you to several risks. An AI assistant could make mistakes, such as accidentally deleting an entire hard drive. In addition, a hacker could gain access to the agent and use it to extract sensitive data or run malicious code. Researchers have demonstrated numerous vulnerabilities that put less experienced users at risk.

Prompt injection: the most insidious risk

Prompt injection is an attack technique that allows you to hijack an LLM simply by inserting malicious text or images into a website or email. If the LLM has access to the user's private information, the consequences can be disastrous. Nicolas Papernot, of the University of Toronto, compares using OpenClaw to "giving your wallet to a stranger on the street."

Defense strategies

There are several strategies to protect AI assistants from prompt injection attacks. One is to train the LLM to ignore injected commands. Another is to use a specialized LLM to detect the presence of prompt injection in the input data. A third strategy is to define policies that limit the LLM's behaviors, preventing it from taking harmful actions.

The future of secure AI assistants

Despite the risks, there is a strong demand for personalized AI assistants. Companies in the sector will have to find ways to build systems that protect user data. The challenge is to strike a balance between utility and security. Some experts believe that it is already possible to implement secure AI assistants, while others are more cautious. Steinberger has announced that he has hired a security expert to improve OpenClaw's protection. At the moment, OpenClaw remains vulnerable, but this does not discourage its many users.