---
title: "The father of OpenClaw confirms the vulnerability in a letter, 360 builds a solid security defense for the entire industry as \"shrimp farmers.\""
type: "News"
locale: "en"
url: "https://longbridge.com/en/news/280047603.md"
description: "The 360 Security Cloud team has confirmed an unauthenticated upgrade vulnerability in the OpenClaw Gateway WebSocket, which has been reported to the National Information Security Vulnerability Sharing Platform. This vulnerability is a zero-day vulnerability that allows attackers to bypass permission authentication and control the agent gateway, potentially leading to system crashes. 360 has proposed a strategy of \"using AI to supervise AI\" and launched agent security detection capabilities to reduce security risks. The confirmation of this vulnerability demonstrates progress made by domestic security teams in identifying agent risks, providing a security reference for the agent application ecosystem"
datetime: "2026-03-22T09:15:37.000Z"
locales:
  - [zh-CN](https://longbridge.com/zh-CN/news/280047603.md)
  - [en](https://longbridge.com/en/news/280047603.md)
  - [zh-HK](https://longbridge.com/zh-HK/news/280047603.md)
---

# The father of OpenClaw confirms the vulnerability in a letter, 360 builds a solid security defense for the entire industry as "shrimp farmers."

Recently, the 360 Security Cloud team received an official email from Peter, the founder of OpenClaw. In his reply, Peter officially confirmed the unauthenticated upgrade vulnerability in the OpenClaw Gateway WebSocket, which was exclusively discovered by the 360 team. 360 has reported this high-risk vulnerability to the National Information Security Vulnerability Sharing Platform (CNVD), helping to cut off the risk source across the network in a timely manner.

The confirmed WebSocket unauthenticated upgrade vulnerability is classified as a zero-day (0-day) vulnerability. Attackers can exploit it to silently bypass permission authentication via WebSocket and gain control of the agent gateway, potentially leading to resource exhaustion or complete system crashes.

This vulnerability also serves as a reminder to the industry: as agents transition from "dialogue tools" to "execution systems," their security risks are rapidly extending from the model layer to the interface layer, skill invocation chain, and system permission layer. Publicly exposed interfaces, malicious skill poisoning, prompt injection, and a lack of auditing mechanisms are becoming common hidden dangers in the industry's "shrimp farming" process. As previously stated by Zhou Hongyi, the founder of 360 Group, the era of agents requires adherence to "model governance," constraining and monitoring the entire operational process of agents through security capabilities.

In response to the aforementioned risks, 360 has established the core strategy of "using AI to supervise AI, and governing skill with skill," and has launched security detection and risk assessment capabilities for agent deployment (i.e., "360 Security Cloud · Lobster Protection") aimed at enterprises and developers, accurately identifying exposure surfaces, high-risk vulnerabilities, and risks from malicious skill introduction. At the same time, 360 has also launched an integrated solution for individual users, "360 Security Lobster," along with its built-in component "360 Lobster Guardian," which significantly reduces security uncertainties during local use of agents through isolated operating environments and strict permission control mechanisms.

Industry insiders believe that the confirmation of this vulnerability by the original author demonstrates that domestic security teams have begun to form substantial risk identification capabilities at the core execution link layer of agents, providing important security references for the rapidly developing agent application ecosystem.

The 360 Security Cloud team stated that in the future, 360 will continue to follow up on vulnerability mining and repair support for the OpenClaw ecosystem, promoting practical defenses for agent applications.
