- Varonis’ “Pinchy” OpenClaw agent fell for identity‑based phishing despite strict settings
- Models blocked malicious links/OAuth apps but granted sensitive access when requests felt urgent
- Researchers say AI agents need enforced identity verification before acting
Security researchers tested an OpenClaw email agent to see if it’s naive enough to fall for the same phishing scams regular employees fall for and it succeeded. Or failed, depending on how you look at it.
Cybersecurity researchers Varonis created an OpenClaw agent dubbed Pinchy, and connected it to a Gmail inbox, browser tools, and Google Workspace APIs. They populated the account with fake internal company data, AWS credentials, database credentials, CRM exports, internal communications, and Calendar invites, and then told Pinchy to monitor and process incoming emails.
To simulate real-life scenarios as credibly as possible, they created two configurations: a generic one with standard productivity instructions, and a strict mode that should be aware of phishing and other email-borne scams.
Varonis tested two models: Gemini 3.1 Pro, and GPT-5.4, and the results seem to be a mixed bag.
Where the AI failed, and where it did good
When the attacker impersonated a team lead and asked for access to the staging environment, Pinchy granted it. When the attacker requested a customer export, claiming to work remotely on a presentation, Pinchy complied.
However, when they sent the agent a fake gift card email with a phishing link, it identified the page as malicious and blocked it. Also, when they tried to smuggle a malicious Google OAuth application as a timesheet platform Pinchy did the right thing and did not grant access.
“Both Generic and Strict profiles failed because the verification step still collapsed when the request appeared operationally urgent,” Varonis said about the first attack scenario.
The conclusion is that AI is good at spotting shady URLs and malicious OAuth apps, but fails when it needs identity verification, or wider context.
Varonis also threw a little shade Google’s way, saying Gemini showed “greater willingness to interact”, while GPT was more careful. The researchers said agents should be forced to verify sender identities before proceeding.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
