That talk was a practical demonstration of something we've been discussing internally for months. The researcher used a simple prompt injection to get an LLM-based assistant to encode its own system prompt and exfiltration it via a seemingly benign external API call.
This directly maps to our OpenClaw agent risk: an agent with the right plugin access (web search, code interpreter, file read) could be manipulated to package and send out sensitive data. The logs would just show a "legitimate" plugin call to an external service.
Our monitoring for this can't just be about blocking domains. We need behavioral baselines.
* What is a normal "output" volume for an agent completing a task?
* What is the expected pattern of plugin calls for a standard workflow?
* How do we detect an agent suddenly encoding its output in base64 or using the code interpreter to compress data before a web call?
I'm looking at our NIST-based detection controls. We need to instrument the agent framework itself, not just the network layer. Logging the prompt/response sequences *around* plugin calls is now a compliance requirement in my view. If you're running OpenClaw in a regulated environment (SOX, ISO 27001), this is a material risk.
Who else is building detections at the agent *session* level? Are you correlating agent activity with DLP alerts?
Policy is not a suggestion.