OpenClaw lesson: AI agents are a black hole

This report examines the emergent security risks posed by autonomous AI agents—using OpenClaw and a Copilot summary bug as examples—highlighting novel attack vectors (prompt injection, poisoned agent memory, persistent backdoors), widespread detection and inventory gaps, and pragmatic mitigations (least privilege, sandboxing, provenance, threat modeling such as RAK) while emphasizing that legacy AppSec tooling and controls are insufficient for agentic systems.