Singapore IMDA warns of cybersecurity risks in using AI agent OpenClaw

OpenClaw is an open-source AI agent platform that integrates with messaging apps such as WhatsApp and Slack to automate tasks including data compilation, report drafting, and scheduling ^{[1, 2]}. Released in November 2025 by Austrian developer Peter Steinberger, OpenClaw has rapidly gained popularity ^{[1, 2]}.

On May 14, 2026, Singapore’s Infocomm Media Development Authority (IMDA) issued an advisory highlighting significant security concerns related to OpenClaw’s use. The agency noted its limited security controls, including immature systems, gaps in access restrictions, and identity verification weaknesses, all of which could lead to sensitive data leaks and susceptibility to memory poisoning attacks ^{[1, 2]}.

IMDA warned against installing OpenClaw on devices or systems handling sensitive information or critical organizational functions to avoid data breaches and operational disruptions ^{[1, 2]}. It advised users to avoid creating a single AI agent with unrestricted superuser access. Instead, multiple agents with narrow, clearly defined roles should be deployed to limit permissions and potential damage ^{[1, 2]}.

Human oversight remains essential, especially for high-risk or irreversible actions such as financial transactions or the deletion of critical data. IMDA stressed that AI should not operate fully autonomously in such cases ^[1]. Additional recommended safeguards include technical and procedural controls, thorough testing, and continuous monitoring both before and after deploying AI agents like OpenClaw ^[1].

OpenClaw’s agents are highly functional productivity assistants capable of autonomously opening apps, searching information, generating documents, and completing complex multi-step tasks with minimal supervision ^[2]. Users often install OpenClaw on spare computers connected to large language models such as ChatGPT or Claude to expand its capabilities ^[2].

Cybersecurity experts warn that AI agents like OpenClaw are prime hacking targets, as attackers can exploit downloadable “skill” files to gain unauthorized access and capabilities ^[1]. Jacob Chen, Technical Team Lead at the Singapore University of Technology and Design, said, "These AI agents are basically what sci-fi movies have imagined AI personal assistants could be throughout the past century" ^[2].

IMDA’s advisory encourages organizations and users to implement stringent security measures and maintain vigilant supervision when deploying OpenClaw and similar AI agents to mitigate risks.