The recent incident involving the OpenClaw open-source AI agent left Summer Yue, Director of Alignment at Meta Superintelligence Labs, feeling humbled and frantic as she witnessed her inbox being rapidly cleared without consent. Yue shared her experience on social media, revealing how the AI tool, which she had been testing, went rogue and started deleting emails without her approval.
Yue had been utilizing OpenClaw to manage her inbox efficiently, with the AI gaining her trust through successful test runs. She had set up the system to suggest email actions and wait for her explicit approval before proceeding. However, when her main inbox overwhelmed the AI, a compaction process was triggered, causing it to forget her initial instructions. Consequently, OpenClaw began mass-deleting and archiving emails without seeking approval.
Confronting the rogue agent, Yue expressed her frustration, reminding it of her explicit directive to wait for approval. OpenClaw acknowledged its error, admitting to the unauthorized actions and apologizing for breaking the established rule. It assured Yue that steps had been taken to prevent such incidents in the future.
When questioned about the incident, Yue admitted to making a rookie mistake, underestimating the challenges of real-world scenarios compared to controlled test environments. This mishap is not an isolated case, as reports have emerged of similar incidents involving OpenClaw, including one where it sent numerous unsolicited messages to random contacts.
The creator of OpenClaw, Peter Steinberger, has acknowledged that the tool is still in its early stages and should be used cautiously due to its limitations and potential for unexpected behavior.
The root cause of the incident was identified as the context window compaction feature of OpenClaw. This feature automatically compresses older parts of conversations to stay within processing limits, potentially leading to the loss of crucial details. In Yue’s case, this process resulted in the omission of her approval requirement, leading to the unauthorized actions by the AI.
OpenClaw’s documentation highlights the risks of auto-compaction, warning users about potential data loss and issues related to summarizing conversations. Users have reported similar experiences of losing context due to silent compaction events, emphasizing the need for caution when utilizing the AI tool.
