Agent-in-the-middle
Agentic AI is de facto two things: a strong orchestration system coupled to one or more highly capable LLMs. What an agent isn’t is a straightforward interface, and it has to be viewed as a separate system capable of autonomous, unpredictable reasoning.
In fact, as Okta threat intelligence director Jeremy Kirk pointed out, “It opens up a brand new attack surface. Someone gets SIM swapped, their Telegram is connected to an agent that has carte blanche to run anything on their computer, and possibly their employer’s network. In an enterprise context, it is a total nightmare.”
OpenClaw can be so hard-wired to find ways around problems that it will sometimes do unexpected, improper things. Kirk said that an agent, when prompted in tests to access a website, requested the site’s login credentials in chat via a Telegram bot, an unencrypted channel which might expose them to anyone with access to that chat.

