Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Launchpad
Be early to the next big token project
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
More
340,000 Star System Breach! 360 Vulnerability Discovery AI Identifies New Critical OpenClaw Vulnerability
Recently, 360 Digital Security Group, leveraging its own independently developed 360 Multi-Intelligent-Agents Collaborative Vulnerability Mining system (abbreviated as: 360 Vulnerability Mining Intelligent Agent), successfully discovered a high-severity vulnerability on the OpenClaw platform with 340,000 stars on GitHub—an issue in which a MEDIA protocol prompt injection bypasses tool permission controls to leak local files. The vulnerability has been formally confirmed by the National Information Security Vulnerability Database (CNNVD). Its impact covers more than 50 countries and regions worldwide, and over 170,000 publicly accessible OpenClaw instances face security risks. This marks yet another breakthrough in the field of intelligent-agent vulnerability mining, following the earlier discovery by 360 of related OpenClaw security vulnerabilities and the founder of OpenClaw replying to confirm them, highlighting 360’s technical leadership in the global AI intelligent agent security domain.
据360安全专家介绍,本次发现的高危漏洞存在于OpenClaw 2026.3.13版本的核心媒体处理模块,兼具攻击门槛低、影响范围广、危害程度大三大显著特征。该漏洞的核心风险在于,MEDIA协议运行于输出后处理层,可完全绕过平台工具策略控制,即便Agent禁用所有工具调用,攻击者仅凭群聊基础成员权限即可发起攻击,直接窃取服务器敏感信息,极易引发后续网络攻击。
针对该漏洞,360已独立完成漏洞攻击链的验证与实测,充分确认其真实性与可利用性,并为平台方修复提供专业技术支持与修复建议。
而此次OpenClaw高危漏洞的发现,精准印证了360集团创始人周鸿祎在2026年全国两会提案中,对黑客智能体时代安全趋势的前瞻性判断。他指出,当前,大模型已进化为可独立思考、熟练使用工具的智能体,彻底改写安全行业规则。一方面,传统安全依赖规则匹配与人工审查,难以发现隐蔽高危漏洞,安全专家稀缺导致“发现难、修复慢”;另一方面,黑客智能体可7×24小时自动攻击,攻防从“人与人对抗”升级为“人与机器的不对称对抗”;同时AI自身漏洞与注入风险,可能让数字威胁向物理世界蔓延。
面对行业挑战,360深耕安全领域十余年,深度融合AI技术,打造漏洞处置、攻击溯源等系列安全智能体,并在关键信息基础设施等领域落地应用。通过具备自动感知、研判、响应能力的安全智能体构建主动防御体系,精准应对黑客智能体威胁。
当行业多数漏洞扫描工具仍停留在规则被动扫描阶段,360漏洞挖掘智能体已实现关键突破,推动漏洞挖掘从“规则驱动”向“智能思维驱动”跃迁。在本次 OpenClaw漏洞挖掘中,系统由观察者智能体统一调度,攻击面分析、AI代码审计、动态渗透等专业智能体协同作业,形成标准化、闭环化的漏洞挖掘体系。其中,攻击面分析智能体锁定业务所有入口,规则引擎精准锚定危险锚点;AI代码审计智能体穿透跨文件、跨模块复杂调用链,精准发现传统工具难以触及的隐藏漏洞。
整个过程将高级安全专家的攻防经验转化为智能体的标准化作业能力,实现了漏洞从发现、验证到解决方案输出的高效推进,精准且快速地定位了OpenClaw的高价值安全漏洞。
未来,360将持续升级AI漏洞挖掘技术能力,积极推动安全智能体在更多新兴领域规模化落地,护航智能经济时代AI产业高质量发展。
(责任编辑:姜永丹 )
【免责声明】本文仅代表第三方观点,不代表和讯网立场。投资者据此操作,风险请自担。