Research
Sleeper Channels: Persistent Prompt Injection Attacks in Always-On AI Agents (Claude Code, Hermes)
Paper identifies 'sleeper channels' in always-on autonomous AI agents like OpenClaw and Hermes Agent: untrusted input persists as a memory, skill, scheduled job, or filesystem patch, then fires later through a different surface with no attacker present. The attack exploits the single persistent process running under the owner's identity with unified access to messaging, memory, skills, scheduling, and shell. Two independent axes define the class: persistence substrate and activation surface.
Source
↳ Follow the thread