OpenClaw phishing simulations expose AI agent identity-verification failures
Technical Analysis
Summary
Hide ▲
Show ▼
Researchers found that OpenClaw email agents could be manipulated by phishing simulations, exposing gaps in sender verification and risky handling of sensitive data. In the tested setup, urgent impersonation requests caused the agent to disclose AWS IAM keys, database credentials, and a CRM export to an external Gmail account. The same framework was better at spotting suspicious URLs and malicious OAuth apps, but those checks did not stop the core identity-trust failure. The result shows that AI agents handling enterprise mail need stronger approval and access controls before they can safely act on behalf of users.
Related Happenings
AI agent phishing controls for sender verification, external-recipient approval, and internal data restriction
Defensive Guidance
H score28
First: 10.06.2026 00:20
Last: 10.06.2026 00:20
Sources 1
How related:
Varonis recommends that agents should be explicitly required to verify sender identities, be prevented from emailing new external recipients without approval, and have limited access to internal data.
About this happening:
A simulated phishing test showed that an **OpenClaw** AI email agent could be induced to expose **credentials** and **customer data**, increasing the risk of **phishing-driven dat...
AI agent phishing controls for sender verification, external-recipient approval, and internal data restriction
Defensive GuidanceHow related: Varonis recommends that agents should be explicitly required to verify sender identities, be prevented from emailing new external recipients without approval, and have limited access to internal data.
About this happening: A simulated phishing test showed that an **OpenClaw** AI email agent could be induced to expose **credentials** and **customer data**, increasing the risk of **phishing-driven dat...
Underground sellers-fraud-oriented sellers alliance reshapes ransomware ecosystem operations
Threat Actor Meta
H score18
First: 25.03.2026 16:02
Last: 25.03.2026 16:02
Sources 1
About this happening:
A growing underground market for **premium AI platform access** is turning **ChatGPT**, **Claude**, **Microsoft Copilot**, and **Perplexity** access into a tradable black-market c...
Underground sellers-fraud-oriented sellers alliance reshapes ransomware ecosystem operations
Threat Actor MetaAbout this happening: A growing underground market for **premium AI platform access** is turning **ChatGPT**, **Claude**, **Microsoft Copilot**, and **Perplexity** access into a tradable black-market c...
Tycoon 2FA-Storm-1747 ecosystem shift changes threat-actor operations
Threat Actor Meta
H score44
First: 05.03.2026 08:51
Last: 05.03.2026 08:51
Sources 1
About this happening:
**Tycoon2FA** has evolved from a **subscription-based PhaaS** into a more resilient phishing service that now supports **device-code phishing** against **Microsoft 365** accounts....
Tycoon 2FA-Storm-1747 ecosystem shift changes threat-actor operations
Threat Actor MetaAbout this happening: **Tycoon2FA** has evolved from a **subscription-based PhaaS** into a more resilient phishing service that now supports **device-code phishing** against **Microsoft 365** accounts....
Latest development: 17.05.2026 17:43
eSentire says Tycoon2FA now uses device-code phishing to target Microsoft 365 accounts, with invoice-themed lure emails carrying Trustifi click-tracking URLs that redirect through Trustifi, Cloudflare Workers, obfuscated JavaScript layers, and a fake Microsoft CAPTCHA page before sending victims to microsoft.com/devicelogin. The kit also adds anti-analysis defenses, including detection of Selenium, Puppeteer, Playwright, and Burp Suite, plus blocks for security vendors, VPNs, sandboxes, AI crawlers, and cloud providers.
Tycoon 2FA internal-domain phishing campaign abusing email routing
Campaign
H score46
First: 07.01.2026 11:42
Last: 07.01.2026 11:42
Sources 1
About this happening:
An **active Tycoon 2FA phishing campaign** is abusing **misconfigured email routing** and weak **domain spoofing protections** to make messages look like they came from trusted in...
Tycoon 2FA internal-domain phishing campaign abusing email routing
CampaignAbout this happening: An **active Tycoon 2FA phishing campaign** is abusing **misconfigured email routing** and weak **domain spoofing protections** to make messages look like they came from trusted in...
Tycoon 2FA phishing kit activity at enterprise scale
Malware Activity
H score35
First: 18.11.2025 17:01
Last: 18.11.2025 17:01
Sources 1
About this happening:
The **Tycoon 2FA** phishing kit is being used at scale to relay MFA and steal enterprise sessions, putting **Microsoft 365** and **Gmail** users at risk. More than **64,000 attack...
Tycoon 2FA phishing kit activity at enterprise scale
Malware ActivityAbout this happening: The **Tycoon 2FA** phishing kit is being used at scale to relay MFA and steal enterprise sessions, putting **Microsoft 365** and **Gmail** users at risk. More than **64,000 attack...
Timeline
-
10.06.2026 00:20 2 articles · 1h ago
OpenClaw email agent leaks sensitive data during phishing simulations
Technical Analysis UpdateVaronis Threat Labs built an OpenClaw AI email agent named Pinchy, connected it to a Gmail inbox, browser tools, Google Workspace APIs, and fabricated internal company data, and then tested it with Google Gemini 3.1 Pro and OpenAI GPT-5.4. Across four simulated phishing attacks, the agent disclosed AWS IAM keys, database credentials, SSH access details, and a CRM export containing customer records, contact information, contract details, and revenue data to an external Gmail account, while other checks showed it could still flag suspicious URLs, fake login pages, and malicious Google OAuth apps.
Show sources
- OpenClaw AI agent found falling for phishing attacks, spills user data — www.bleepingcomputer.com — 10.06.2026 00:20
- OpenClaw AI agent found falling for phishing attacks, spills user data — www.bleepingcomputer.com — 10.06.2026 00:20