OpenClaw is indistinguishable from malware and should be treated as such in enterprise networks.
-
@Sempf Without chasing down binary hashes, this is the best I've found for detection/remediation: https://github.com/knostic/openclaw-detect
@mttaggart Wow. Ok I'll take a look, thank you. Many concerned folx.
-
@Sempf Without chasing down binary hashes, this is the best I've found for detection/remediation: https://github.com/knostic/openclaw-detect
Oh, I see, @Sempf was about detecting it.
From what I see, the answer is, if you implement ISO 27001 you'd have to introduce managed machines anyway, meaning you can prevent admin access by users and always pull a software inventory from the machines under your rule.
There is various software to support this.
-
@mttaggart Seeing as how OpenClaw is doing nothing except expressly, in its mind anyway, performing the requests of a user under that user's permissions using that user's tools, how exactly would you recommend we prevent it on enterprise networks?
That reads kind of snarky, and it isn't. It's an honest question. I just got it from a customer.
> how exactly would you recommend we prevent it on enterprise networks?
As LLMs are by nature not deterministic, the only way is to not use it
-
@Sempf Without chasing down binary hashes, this is the best I've found for detection/remediation: https://github.com/knostic/openclaw-detect
@mttaggart @Sempf
Hm, a lot of this could be detected with Sentinel... -
@mttaggart @Sempf
Hm, a lot of this could be detected with Sentinel...@FritzAdalis @Sempf Tanium too, methinks. The easiest tell is the
openclawfolder, which is created regardless of install method.The network detections are rough. 18789/tcp has a lot of false positives, and also the modern installation is not open by default. It also can use Tailscale for exposure, so you'll see Wireguard traffic, but not OpenClaw.
-
@FritzAdalis @Sempf Tanium too, methinks. The easiest tell is the
openclawfolder, which is created regardless of install method.The network detections are rough. 18789/tcp has a lot of false positives, and also the modern installation is not open by default. It also can use Tailscale for exposure, so you'll see Wireguard traffic, but not OpenClaw.
@mttaggart @Sempf
Well the clients are instrumented with Defender, so if e.g. 18789/tcp is open I can see which procees. Or I could run the script with Intune, but I already have the data. -
OpenClaw is indistinguishable from malware and should be treated as such in enterprise networks.
Do what you want with your own data and gear, but bring that garbage onto my network and I am locking all phaser banks.
https://www.404media.co/meta-director-of-ai-safety-allows-ai-agent-to-accidentally-delete-her-inbox/
@mttaggart to highlight how absurd this is, a collection of synonymous scenarios:
Head Linux administrator accidentally runs `rm -rf /`
Lead DBA accidentally drops production database
Secretary of HHS takes up scientifically dubious fad diet (whoops)
Safe driving instructor gets license revoked after multiple DUI -
@mttaggart @Sempf
Well the clients are instrumented with Defender, so if e.g. 18789/tcp is open I can see which procees. Or I could run the script with Intune, but I already have the data.@FritzAdalis @Sempf That's just the default though, and shouldn't be the only check. Luckily, since
openclawis the binary, you can also just look for process creation. -
@FritzAdalis @Sempf That's just the default though, and shouldn't be the only check. Luckily, since
openclawis the binary, you can also just look for process creation.@mttaggart @FritzAdalis @Sempf if you’re a Tenable shop, they have a plugin as well. Not as active as a network or endpoint detection, but it’s a common thing many of us already have and sending to our SIEMs. Auto-contain that shit.
-
OpenClaw is indistinguishable from malware and should be treated as such in enterprise networks.
Do what you want with your own data and gear, but bring that garbage onto my network and I am locking all phaser banks.
https://www.404media.co/meta-director-of-ai-safety-allows-ai-agent-to-accidentally-delete-her-inbox/
@mttaggart the whole point of automation should be to work around the fact that humans make mistakes, not to place landmines on all the places people make mistakes. I think this tech is being embraced by the same kind of people who didn't immediately have alarms going off in their head about cloud IoT products.
-
OpenClaw is indistinguishable from malware and should be treated as such in enterprise networks.
Do what you want with your own data and gear, but bring that garbage onto my network and I am locking all phaser banks.
https://www.404media.co/meta-director-of-ai-safety-allows-ai-agent-to-accidentally-delete-her-inbox/
@mttaggart Over here giggling like a maniac reading this shit...
-
OpenClaw is indistinguishable from malware and should be treated as such in enterprise networks.
Do what you want with your own data and gear, but bring that garbage onto my network and I am locking all phaser banks.
https://www.404media.co/meta-director-of-ai-safety-allows-ai-agent-to-accidentally-delete-her-inbox/
@mttaggart When will they learn that "instructing" an AI agent is not the same as programming an automation routine.
One is deterministic and one is most decidedly NOT!
You can get bad results with programming; GIGO after all. However, you can never be 100% sure what you're going to get from probabilistic AI.
It's a version of the problem expressed in Zack Korman's video about scanning AI bot skills for security. Even if you get it mostly right, the gap's the problem.
-
T tanyakaroli@expressional.social shared this topic
