{"id":"https://openalex.org/W7136907752","doi":"https://doi.org/10.48550/arxiv.2603.12644","title":"Uncovering Security Threats and Architecting Defenses in Autonomous Agents: A Case Study of OpenClaw","display_name":"Uncovering Security Threats and Architecting Defenses in Autonomous Agents: A Case Study of OpenClaw","publication_year":2026,"publication_date":"2026-03-13","ids":{"openalex":"https://openalex.org/W7136907752","doi":"https://doi.org/10.48550/arxiv.2603.12644"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.12644","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.12644","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.12644","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5020945039","display_name":"Zonghao Ying","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Ying, Zonghao","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129453238","display_name":"Xiao Yang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yang, Xiao","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101310153","display_name":"Siyang Wu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wu, Siyang","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126162648","display_name":"Yumeng Song","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Song, Yumeng","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129453043","display_name":"Yang Qu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Qu, Yang","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109719851","display_name":"Hainan Li","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Hainan","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018445417","display_name":"Tianlin Li","orcid":"https://orcid.org/0009-0000-0307-2649"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Tianlin","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129438377","display_name":"Jiakai Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Jiakai","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129516481","display_name":"Aishan Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Aishan","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5129499701","display_name":"Xianglong Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Xianglong","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":10,"corresponding_author_ids":["https://openalex.org/A5020945039"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.28029999136924744,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.28029999136924744,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.11180000007152557,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.09629999846220016,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/blueprint","display_name":"Blueprint","score":0.5702000260353088},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.4860999882221222},{"id":"https://openalex.org/keywords/autonomy","display_name":"Autonomy","score":0.3928000032901764},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.385699987411499},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.3732999861240387},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.3675999939441681},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.36010000109672546},{"id":"https://openalex.org/keywords/security-through-obscurity","display_name":"Security through obscurity","score":0.35929998755455017},{"id":"https://openalex.org/keywords/software-architecture","display_name":"Software architecture","score":0.3434000015258789},{"id":"https://openalex.org/keywords/taxonomy","display_name":"Taxonomy (biology)","score":0.33880001306533813}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.677299976348877},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6542999744415283},{"id":"https://openalex.org/C155911762","wikidata":"https://www.wikidata.org/wiki/Q422321","display_name":"Blueprint","level":2,"score":0.5702000260353088},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.4860999882221222},{"id":"https://openalex.org/C65414064","wikidata":"https://www.wikidata.org/wiki/Q484105","display_name":"Autonomy","level":2,"score":0.3928000032901764},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.385699987411499},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.3732999861240387},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.3675999939441681},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.36010000109672546},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.35929998755455017},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3528999984264374},{"id":"https://openalex.org/C35869016","wikidata":"https://www.wikidata.org/wiki/Q846636","display_name":"Software architecture","level":3,"score":0.3434000015258789},{"id":"https://openalex.org/C58642233","wikidata":"https://www.wikidata.org/wiki/Q8269924","display_name":"Taxonomy (biology)","level":2,"score":0.33880001306533813},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.33629998564720154},{"id":"https://openalex.org/C153701036","wikidata":"https://www.wikidata.org/wiki/Q659974","display_name":"Trustworthiness","level":2,"score":0.3206000030040741},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.31040000915527344},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.31040000915527344},{"id":"https://openalex.org/C2780264999","wikidata":"https://www.wikidata.org/wiki/Q7445032","display_name":"Security domain","level":2,"score":0.3034000098705292},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.29440000653266907},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.29249998927116394},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.29120001196861267},{"id":"https://openalex.org/C191267431","wikidata":"https://www.wikidata.org/wiki/Q911932","display_name":"Honeypot","level":2,"score":0.2888999879360199},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.28690001368522644},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.28600001335144043},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.28450000286102295},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.2815000116825104},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.27810001373291016},{"id":"https://openalex.org/C98025372","wikidata":"https://www.wikidata.org/wiki/Q477538","display_name":"Systems architecture","level":3,"score":0.26910001039505005},{"id":"https://openalex.org/C139807058","wikidata":"https://www.wikidata.org/wiki/Q352374","display_name":"Adaptation (eye)","level":2,"score":0.2651999890804291},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.2644999921321869},{"id":"https://openalex.org/C108170787","wikidata":"https://www.wikidata.org/wiki/Q3951828","display_name":"Agency (philosophy)","level":2,"score":0.26339998841285706},{"id":"https://openalex.org/C13687954","wikidata":"https://www.wikidata.org/wiki/Q4826847","display_name":"Autonomous agent","level":2,"score":0.2624000012874603},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.26030001044273376},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.257099986076355},{"id":"https://openalex.org/C13159133","wikidata":"https://www.wikidata.org/wiki/Q365674","display_name":"Security engineering","level":5,"score":0.25699999928474426},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.2542000114917755}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.12644","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.12644","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.12644","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.12644","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/15","score":0.47253715991973877,"display_name":"Life in Land"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"The":[0],"rapid":[1],"evolution":[2],"of":[3,35,55],"Large":[4],"Language":[5],"Models":[6],"(LLMs)":[7],"into":[8,171],"autonomous,":[9],"tool-calling":[10],"agents":[11,166],"has":[12],"fundamentally":[13],"altered":[14],"the":[15,27,56,121,160],"cybersecurity":[16],"landscape.":[17],"Frameworks":[18],"like":[19],"OpenClaw":[20,57],"grant":[21],"AI":[22,105],"systems":[23],"operating-system-level":[24],"permissions":[25],"and":[26,83,109,139,163,176],"autonomy":[28],"to":[29,158],"execute":[30],"complex":[31],"workflows.":[32],"This":[33,48,127,155],"level":[34],"access":[36],"creates":[37],"unprecedented":[38],"security":[39,53],"challenges.":[40],"Consequently,":[41],"traditional":[42],"content-filtering":[43],"defenses":[44],"have":[45],"become":[46],"obsolete.":[47],"report":[49],"presents":[50],"a":[51,94],"comprehensive":[52],"analysis":[54],"ecosystem.":[58],"We":[59],"systematically":[60,88],"investigate":[61],"its":[62],"current":[63],"threat":[64],"landscape,":[65],"highlighting":[66],"critical":[67],"vulnerabilities":[68,103],"such":[69],"as":[70],"prompt":[71],"injection-driven":[72],"Remote":[73],"Code":[74],"Execution":[75],"(RCE),":[76],"sequential":[77],"tool":[78],"attack":[79],"chains,":[80],"context":[81],"amnesia,":[82],"supply":[84],"chain":[85],"contamination.":[86],"To":[87,113],"contextualize":[89],"these":[90,115],"threats,":[91],"we":[92,119,147],"propose":[93],"novel":[95],"tri-layered":[96],"risk":[97],"taxonomy":[98],"for":[99,132],"autonomous":[100,165],"Agents,":[101],"categorizing":[102],"across":[104],"Cognitive,":[106],"Software":[107],"Execution,":[108],"Information":[110],"System":[111],"dimensions.":[112],"address":[114],"systemic":[116],"architectural":[117],"flaws,":[118],"introduce":[120],"Full-Lifecycle":[122],"Agent":[123],"Security":[124],"Architecture":[125],"(FASA).":[126],"theoretical":[128],"defense":[129],"blueprint":[130],"advocates":[131],"zero-trust":[133],"agentic":[134],"execution,":[135],"dynamic":[136],"intent":[137],"verification,":[138],"cross-layer":[140],"reasoning-action":[141],"correlation.":[142],"Building":[143],"on":[144],"this":[145],"framework,":[146],"present":[148],"Project":[149],"ClawGuard,":[150],"our":[151],"ongoing":[152],"engineering":[153],"initiative.":[154],"project":[156],"aims":[157],"implement":[159],"FASA":[161],"paradigm":[162],"transition":[164],"from":[167],"high-risk":[168],"experimental":[169],"utilities":[170],"trustworthy":[172],"systems.":[173],"Our":[174],"code":[175],"dataset":[177],"are":[178],"available":[179],"at":[180],"https://github.com/NY1024/ClawGuard.":[181]},"counts_by_year":[],"updated_date":"2026-03-17T07:05:13.627479","created_date":"2026-03-17T00:00:00"}