/Tech7h ago

Santiago Valdarrama warns that autonomous LLM agents like OpenClaw are highly vulnerable to data theft via automated email attacks

Attackers can steal data without any user interaction.

187481616.7K

#1360

Original post

Santiago@svpino#1889inTech

This is one of the reasons I don't want to use OpenClaw or Hermes:

I don't trust them not to blindly follow instructions that somebody sent me over email.

I like to think I'm hard to break if someone tries to social engineer me. I can't say the same about an LLM.

We need firewalls, guardrails, and a ton more people releasing software that protects us from Armageddon.

OrcaRouter 🐳@OrcaRouter

In 2025, attackers stole corporate data from Microsoft 365 Copilot.

The victim clicked nothing. They got an email. The AI read it. The AI obeyed it.

In the past, humans got socially engineered. In 2026, agents are getting socially engineered.

So we built Firewall + Guardrails to protect agents — and made them FREE on http://OrcaRouter.ai. Same API key, same gateway, one switch in your console. No code to change.

The AI Threat Report 2026 from our security research team explains why. 🧵🐋

9:52 AM · Jun 18, 2026 · 10.2K Views

Sentiment

Many users called giving AI agents access to sensitive data like Microsoft 365 Copilot crazy and criticized designs that trust tool outputs without treating them as hostile by default.

Pos

20.0%

Neg

80.0%

8 comments with sentiment.

Cluster Engagement

Digg Deeper

No Digg Deeper questions have been answered for this story yet.

Related links

orcarouter.ai

ORCAROUTER.AIVia

Posts from X

Most Activity

VIEWS7.3KBOOKMARKS2LIKES33RETWEETS1REPLIES6

Chubby♨️@kimmonismus

2026 and we're out here writing security postmortems that start with "the AI was, unfortunately, very helpful"

OrcaRouter 🐳@OrcaRouter

In 2025, attackers stole corporate data from Microsoft 365 Copilot.

The victim clicked nothing. They got an email. The AI read it. The AI obeyed it.

In the past, humans got socially engineered. In 2026, agents are getting socially engineered.

So we built Firewall + Guardrails to protect agents — and made them FREE on http://OrcaRouter.ai. Same API key, same gateway, one switch in your console. No code to change.

The AI Threat Report 2026 from our security research team explains why. 🧵🐋

2h7.3K332

Andy from PLAR.ai@Andy_Plar

This is exactly why my agent that reads email can’t act on what it reads. Separate scopes: one process ingests, a different one executes — and execution needs a human gate for anything that writes or pays. An LLM will get social-engineered. So you build so that getting fooled doesn’t cost anything.

6h715

Alpha Batcher@alphabatcher

@svpino happy to see how OrcaRouter developing

5h651

Devin Matthews@vigilharbor

@svpino Yeah I had that thought too so I started working on this: https://github.com/Vigil-Harbor/Petasos

Because I want a prompt-injection hardened email triage without it becoming an attack vector. Still in development.

4h351

Alex Migutsky@mr_mig_en

@svpino Have you seen this already?

5h3102

Charis Mitsakis@cmitsakis

@kimmonismus giving public facing agents access to sensitive data is crazy

2h71

Ferbin@Ferbin08

@svpino this is the hard part of agent design nobody wants to solve for because it breaks UX. instant vs safe - you only get to pick one. most teams are picking wrong because their boss doesn't want the approval step.

6h18

Hunter Gon@gonlenidefi

@kimmonismus the ai did exactly what we trained it to do, just not for us

2h15

ByteCrafter@bytecrafter_1

@svpino honestly most setups just trust whatever a tool hands back. i pull from a bunch of third party stream apis and treat every response as hostile data by default. wish more agent frameworks shipped with that as the starting point instead of an afterthought

3h14

Marcin Jan Puhacz@marcinph

@svpino That’s why you need @runlayer

3h6

Chubby♨️@kimmonismus

@cmitsakis true that

Eclipse 🌖@ECLresearch

@kimmonismus Helpful" is doing a lot of heavy lifting here. Need to see the mean time to compromise versus mean time to patch before I buy the narrative.

Joeygoesgrey@joeygoesgrey

@svpino Trusting AI with decisions is tricky! It's like giving a toddler a sharp knife—great potential, but you need to teach them first! Maybe we need better frameworks to make AI more resistant to manipulation.

Repex Tech@Repex_Group

@svpino It's valid to question the resilience of LLMs against social engineering. Implementing robust firewalls and guardrails is essential not just for LLM safety, but for ensuring human users remain vigilant and protected in this e...