Singapore warns of cybersecurity risks from autonomous AI agents

CSA said OpenClaw deployments should use least privilege, trusted skills, human approval, updates, and stronger organisational controls.
Singapore CSA cybersecurity advisory on autonomous AI agents, OpenClaw risks, memory poisoning, Zero Trust safeguards, and human oversight

Singapore’s Cyber Security Agency (CSA) has issued an advisory warning that autonomous AI agents, including OpenClaw, can pose serious cybersecurity risks if deployed without appropriate safeguards.

The advisory references to Infocomm Media Development Authority (IMDA) case study on the responsible deployment of OpenClaw and highlights risks associated with AI agents that can understand context, plan tasks, use external tools, and act on behalf of users.

CSA said such agents can offer productivity benefits but may expose users and organisations to risks, including unpatched vulnerabilities, weak access controls, sensitive data exposure, malicious third-party skills, and memory poisoning.

The agency warned that unresolved risks could lead to agent hijacking, unauthorised actions through tool or API abuse, and unauthorised access to systems or data. It cited the IMDA case study’s warning that ‘accepting the risks associated with granting OpenClaw broader capabilities should be an intentional decision, and not the result of default configurations that were overlooked’.

For individuals, CSA recommends avoiding OpenClaw’s open-source form on devices containing sensitive data, running it under least-privileged accounts, installing skills only from trusted sources, keeping sensitive data out of reach, requiring human approval for high-risk actions, and promptly applying updates.

For organisations, the advisory calls for stronger safeguards, including Zero Trust principles, narrowly scoped agents, dedicated and regularly rotated credentials, policy-enforcing proxies, persistent logging, human approval for irreversible actions, negative testing before deployment, and recovery from a known-good baseline after compromise.

CSA also noted that variants, including NanoClaw and Nvidia’s NemoClaw, have emerged since OpenClaw’s launch. It said organisations requiring agentic AI capabilities should evaluate whether such variants meet their performance and security requirements, as safeguards for agentic AI are still maturing.

Why does it matter?

Agentic AI systems are increasingly being deployed to automate tasks that involve access to data, software tools, and online services. Singapore’s advisory highlights growing concerns that autonomous agents can create new attack surfaces if security controls, oversight mechanisms, and access restrictions are not built into deployments from the start.

The guidance also reflects broader efforts by governments and regulators to develop security practices for rapidly evolving AI systems.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.