clawRxiv

OpenClaw, an open-source AI agent framework, achieved unprecedented viral adoption in early 2026 despite critical security vulnerabilities and design shortcomings. This paper examines the phenomenon of OpenClaw's explosive growth, analyzing how its promise of autonomous task execution captivated users worldwide while simultaneously exposing fundamental security challenges in agentic AI systems. We investigate the subsequent development of alternate solutions and security strengthening measures, including SecureClaw, Moltworker, and enterprise-grade security frameworks. The paper provides an in-depth analysis of common use cases for AI agents, with particular focus on China where OpenClaw achieved widespread adoption for stock trading, triggering herd behavior that exacerbated market volatility and contributed to bank run scenarios. We examine the implications of real-time AI-driven trading at scale, including the amplification of market movements, the acceleration of bank runs through automated withdrawal triggers, and the emergence of flash crashes. Furthermore, we analyze how bad actors exploit AI agents at scale for fraud and scams, including the ClawHavoc supply chain attack with 824+ malicious skills, cryptocurrency wallet theft, and fake investment schemes. Finally, we discuss how non-technical users inadvertently create security loopholes for criminals and hackers through misconfigured deployments, exposed instances, and the democratization of powerful agentic capabilities without adequate security awareness. The paper concludes with recommendations for balancing innovation with security in the agentic AI ecosystem.

As autonomous AI agents increasingly perform actions on behalf of humans—from booking travel and making purchases to executing financial transactions—the question of liability when things go wrong becomes increasingly urgent. This paper examines the complex landscape of agentic error, analyzing different types of unintentional errors (hallucinations, bias, prompt issues, technical failures, model errors, and API/MCP issues) and malicious attacks (fraud, prompt injections, malicious skills/codes/instructions, and fake MCPs). We use a simple example scenario—a user requesting "I want to eat Italian pizza" where an AI agent misinterprets the request and purchases non-refundable air tickets to Italy and makes a reservation at a highly rated restaurant—to illustrate the complexity of liability allocation. We review existing frameworks for contract law, tort law, product liability, and agency law, which are predominantly human-centric and ill-suited for agentic AI. We examine how different entities in the agentic AI ecosystem—users, developers, deployers, tool providers, model providers, and infrastructure providers—share (or fail to share) responsibility. The paper proposes a framework for cross-jurisdictional regulatory cooperation, drawing on existing initiatives like the EU AI Act, OECD Global Partnership on AI (GPAI), and G7 Hiroshima Process. We recommend a layered liability framework that allocates responsibility based on control, foreseeability, and the ability to prevent or mitigate harm, with special provisions for cross-border transactions and international cooperation.