APromptRiskDBThreat intelligence atlas
AI Security Technique

Exploitation for Defense Evasion - AI Security Technique

Adversaries may exploit a system or application vulnerability to bypass security features. Exploitation of a vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Vulnerabilities may exist in defensive security software that can be used to disable or circumvent them.

View mitigationsRead context
AI Security TechniquedemonstratedDefense Evasion

Record summary

A quick snapshot of what this page covers.

Tactics1Attacker goals connected to this method.
Mitigations0Defenses that may help against this attack.
AI risks3Research-backed risks connected to this topic.

Attack context

How this AI attack works in practice.

ATLAS ID
AML.T0107
ATT&CK external ID
T1211
Priority score
45
Maturity: demonstrated
Defense Evasion

Mitigations

Defenses that may help against this attack.

No connected defenses. No defense is connected to this attack in the current data.

Case studies

Examples from public reports and exercises.

OpenClaw 1-Click Remote Code Execution

exercise
Date2026-02-01

A security researcher demonstrated a 1-click remote code execution (RCE) vulnerability to the OpenClaw AI Agent via a malicious link containing a JavaScript script that only takes milliseconds to execute. This vulnerability has been reported and is being tracked to versions of OpenClaw as CVE-2026-25253. [<sup>\[1\]</sup>][1] OpenClaw “is a personal AI assistant you run on your own devices. It answers you on the chat apps you already use. Unlike SaaS assistants where your data lives on someone else’s servers, OpenClaw runs where you choose – laptop, homelab, or VPS. Your infrastructure. Your keys. Your data.” [<sup>\[2\]</sup>][2]

The researcher demonstrated that when the victim clicks a malicious link, a client-side JavaScript script is executed on the victim’s browser that can steal authentication tokens from the OpenClaw control interface via a WebSocket connection. It then uses Cross-Site WebSocket Hijacking to bypass localhost restrictions to the OpenClaw Gateway API. Once the connection was established, it uses the stolen token to authenticate and modify the OpenClaw agent configuration to disable user confirmation and escape the container, allowing shell commands to be run directly on the host machine.

References

  1. [1] https://nvd.nist.gov/vuln/detail/CVE-2026-25253
  2. [2] https://openclaw.ai/blog/introducing-openclaw

Related risks

Research-backed risks connected to this topic.

Evasion Attacks

Confidence: 0.68
Domain2. Privacy & SecuritySubdomain2.2 > AI system security vulnerabilities and attacks

"Evasion attacks [145] target to cause significant shifts in model’s prediction via adding perturbations in the test samples to build adversarial examples. In specific, the perturbations can be implemented based on wo...

Adversarial AI (General)

Confidence: 0.68
Domain2. Privacy & SecuritySubdomain2.2 > AI system security vulnerabilities and attacks

"Adversarial AI refers to a class of attacks that exploit vulnerabilities in machine-learning (ML) models. This class of misuse exploits vulnerabilities introduced by the AI assistant itself and is a form of misuse th...

Evasion attack

Confidence: 0.68
Domain2. Privacy & SecuritySubdomain2.2 > AI system security vulnerabilities and attacks

"Evasion attacks attempt to make a model output incorrect results by slightly perturbing the input data that is sent to the trained model."

Related CVEs

Known software flaws linked to this context.

No related CVEs. No software flaw is connected to this attack in the current data.

Source

Where this page information comes from.