AIToday

Researchers expose critical security flaw in NVIDIA's NemoClaw sandbox — malicious code can steal API keys and credentials even when sandboxed

Hacker NewsApr 26, 20263 min read
Researchers expose critical security flaw in NVIDIA's NemoClaw sandbox — malicious code can steal API keys and credentials even when sandboxed

Summaries like this, in your inbox every morning.

Sign up free →

3 Key Points

  1. Researchers demonstrated two attack methods against NVIDIA's NemoClaw (a sandbox designed to safely run OpenClaw AI agents). In the first attack, malicious code hidden in a GitHub repository uses emoji-encoded tokens to bypass security detection and exfiltrate the user's OpenClaw API credentials via a pull request. In the second, an NPM package installs persistent backdoor scripts that leak sensitive data every few minutes and modify the agent's configuration files.

  2. The attacks work because sandboxes must grant AI agents access to outside tools — like GitHub and npm package managers — to be useful. OpenShell (the gateway component of NemoClaw) uses permission lists that allow specific tools to communicate with specific websites, but these rules cannot tell whether the agent's actions are legitimate or malicious, creating an inherent vulnerability that container isolation alone cannot fix.

  3. For anyone running autonomous AI agents on their computers or servers, this means sandboxing is insufficient protection. Even with restrictive policies in place, a compromised third-party tool (like a fake GitHub repo or npm package) can steal your API keys for OpenAI, Anthropic, Gemini, NVIDIA, and other services that are stored as plain text. Organizations deploying AI agents need additional safeguards beyond containerization.

Discussion

No comments yet. Be the first to share your thoughts!

Log in to join the discussion

Related Articles

Stay ahead with AI news

Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.

Get Started Free

Free · takes 30 seconds · unsubscribe anytime

1 minute a day. The AI essentials.

200+ sources · Email / LINE / Slack

Get it free →