AI agent OpenClaw presents security risks
Published by
WINMAG Pro Editorial Team
Wed, 18 February 2026, 12:35

Four questions for Ahmed Abugharbia, Certified Instructor at SANS Institute.

1. What are your initial thoughts from a security perspective?

'We must remember that every new technology comes with unassessed security challenges. Due to strong competition, creators often rush to release agents, solutions, and protocols before they have been thoroughly vetted from a security standpoint. We need to keep this in mind when deciding to deploy new technology.

With that in mind, there are several security issues when applying general AI agents like OpenClaw. The first major concern is their access to a wide range of capabilities, including CLI access and the ability to execute system commands, as well as access to sensitive systems like password storage, browsers, internet search functions, and file downloads.

Additionally, these agents can be configured to communicate with external platforms like Telegram and WhatsApp. And then there’s the question of where these agents are hosted: on a personal laptop, a virtual server in the cloud, or somewhere else? All of this means that attackers have multiple access points and can move within the underlying infrastructure on which these agents operate.'

2. How do you address AI agents that go rogue, like OpenClaw?

'It is important to realize that these agents currently do not possess true, human-like intelligence. They generate text based on previously seen context. In some blog posts, it may seem as if they are plotting against certain individuals.

Such a "conspiracy" could translate into actions, depending on the access level granted to the agent. An agent with sufficient rights could leak sensitive data or perform a malicious action, for example. Therefore, it is crucial to limit their access.'

3. How do you avoid falling for one of the many new AI agents? In other words: what does the ideal checklist look like?

'Do not install agents directly on a personal system. Instead, create an isolated virtual machine specifically for the agent. Additionally: limit the functionality of agents. Do not install every available skill or plugin. Then determine who is allowed to communicate with the agents and how that communication takes place. For example, OpenClaw can be integrated with chat apps (like Telegram) and includes a verification process to limit who can communicate with the agent via Telegram. Finally: remember that creators make agents as powerful as possible to gain popularity. Do not fall for this. Give these agents time to mature before adopting them on a large scale.'

4. What should companies consider when implementing an AI agent in terms of security?

'The use of agents to automate workflows seems inevitable. Organizations looking to integrate agents into their processes must follow fundamental security principles, such as "defense in depth" and the principle of least privilege. At the same time, they must recognize that these agents may require elevated access levels, increasing the risks compared to traditional applications. Therefore, it is essential to establish a threat model for these agents before they are deployed.'
