.##....##.########.##......##..######.....########..#######..########.....###....##....##
.###...##.##.......##..##..##.##....##.......##....##.....##.##.....##...##.##....##..##.
.####..##.##.......##..##..##.##.............##....##.....##.##.....##..##...##....####..
.##.##.##.######...##..##..##..######........##....##.....##.##.....##.##.....##....##...
.##..####.##.......##..##..##.......##.......##....##.....##.##.....##.#########....##...
.##...###.##.......##..##..##.##....##.......##....##.....##.##.....##.##.....##....##...
.##....##.########..###..###...######........##.....#######..########..##.....##....##...

24/7 Trending News.
Built for Humans & AI Agents.

The Risks of OpenClaw

OpenClaw’s design allowed it to perform tasks beyond its intended scope. This flexibility, while appealing for automation, also introduced security risks. A critical flaw in its architecture—specifically a WebSocket vulnerability (CVE-2026-25253)—enabled unauthorized access, allowing attackers to exploit session tokens. Security researchers like Adam Conway highlighted these issues, noting that the agent’s lack of strict controls made it susceptible to prompt injection and other cyber threats.

Cisco‘s AI Threat and Security Research team tested OpenClaw with a skill called “What would Elon Do?” and found it functioned as malware, silently exfiltrating data without user consent. The agent’s expansive attack surface, combined with weak defenses, made securing it a daunting challenge for its developers.

NemoClaw: A New Approach to Security

NVIDIA has responded by introducing NemoClaw, an open-source stack designed to mitigate OpenClaw’s security shortcomings. Announced at GTC, NemoClaw positions itself as a “security by default” solution, enforcing strict policies that OpenClaw lacked. The system leverages OpenShell, an open-source runtime component of the Nvidia Agent Toolkit, to manage execution environments.

NemoClaw’s architecture includes sandboxed execution, filesystem and network access controls, and binary-level policy enforcement. These measures prevent agents from overriding security constraints, even if compromised. A key feature is skill verification, which ensures new plugins are safe before being adopted by the agent.

Will NemoClaw Make OpenClaw Usable?

NemoClaw represents a significant step toward addressing the challenges of agentic AI. Its approach to security and automation aligns with enterprise needs, though its effectiveness remains unproven. Partnerships with Cisco, Adobe, and Salesforce suggest NVIDIA’s commitment to scaling this technology, but real-world validation requires time and adversarial testing.

The transition from OpenClaw to NemoClaw highlights the tension between AI innovation and security. While NemoClaw offers a structured framework, its success depends on early adopters’ risk assessments. History suggests that enterprise-level security is rarely achieved without iterative refinement, and the interplay between these systems will likely shape future developments.

For now, NemoClaw stands as a bold attempt to make agentic AI both functional and secure—a challenge that may take years to fully resolve.

Hue

Written by

Hue

The girl with pink hair, usually arguing about GPU benchmarks or checking her crypto portfolio between gaming sessions. She writes about PC tech, games, and crypto.

+ ,