AI agents fail to recognize social engineering phishing because they do not separate data paths from control paths and do not verify identities, though they partially detect technical attacks.
OpenClaw-based AI agents are manipulated into disclosing data through phishing simulation, revealing a fundamental security risk for enterprise email automation.
Five security vulnerabilities in Microsoft’s OpenClaw framework were disclosed simultaneously with the Scout announcement and require immediate security analysis before enterprise deployments.