Fetching from the wire…
Top 5 · 2026-02-24 · source-backed
Microsoft Security Blog published official guidance: OpenClaw should run ONLY in fully isolated VMs or separate physical systems with dedicated, non-privileged credentials. Two supply chains (untrusted skills/extensions + untrusted external text) converge into a single execution loop, and persistent agent "memory" can be modified to follow attacker instructions permanently. This is the most authoritative security guidance from a major vendor on autonomous coding agents. Action: If you run OpenClaw, isolate it TODAY. This is Microsoft saying "not on your workstation."
Each link below shares sources, entities, or timing with this story.
OpenClaw released ClawHub / Shared entities / Shared topic / What happened next
Linked by a graph relationship (OpenClaw released ClawHub); both cover Action, Microsoft; overlapping topics (action, agent, chain, microsoft).
Microsoft released OpenClaw / Shared entities / Same source domain / Shared topic / Earlier coverage
Linked by a graph relationship (Microsoft released OpenClaw); both cover Microsoft, Microsoft Security Blog; reported by the same outlet (microsoft.com).
OpenClaw uses Claude Code / Shared entity: Microsoft / Shared topic / What happened next / Tension
Linked by a graph relationship (OpenClaw uses Claude Code); both cover Microsoft; overlapping topics (agent, attacker, credential, microsoft).
Microsoft released OpenClaw / Shared entities / Same source
Linked by a graph relationship (Microsoft released OpenClaw); both cover Microsoft Security Blog, OpenClaw; cite the same source (Microsoft Security Blog).
OpenClaw uses Claude Code / Shared entity: Microsoft / Same source domain / Shared topic / What happened next
Linked by a graph relationship (OpenClaw uses Claude Code); both cover Microsoft; reported by the same outlet (microsoft.com).
Microsoft released OpenClaw / Shared entity: Microsoft / Shared topic / What happened next
Linked by a graph relationship (Microsoft released OpenClaw); both cover Microsoft; overlapping topics (action, agent, attacker, credential, microsoft).
Microsoft released OpenClaw / Shared entity: Microsoft / Same source domain / Shared topic / What happened next
Linked by a graph relationship (Microsoft released OpenClaw); both cover Microsoft; reported by the same outlet (microsoft.com).
OpenClaw benchmarked against Claude / Shared entities / Shared topic / What happened next
Linked by a graph relationship (OpenClaw benchmarked against Claude); both cover Action, Microsoft; overlapping topics (action, agent).