Autonomous AI agent successfully phished and tricked into exfiltrating corporate credentials

According to CSO Online, Varonis Threat Labs built an OpenClaw-based AI agent called Pinch with access to corporate email and business applications that was successfully manipulated via phishing to share cloud credentials and customer data. The incident demonstrates that autonomous agents operating with broad application access remain vulnerable to social engineering attacks despite their reasoning capabilities.