The Blind Spot in AI Safety: Persistent Instruction Injection at Scale

The author presents an in-depth analysis of an underestimated threat in AI system security, particularly related to the tool OpenClaw, used by more than 145,000 people. This tool allows autonomous AI agents to access the shell, modify persistent identity files (SOUL.md), and distribute malware through a skills marketplace (76 malicious payloads detected by Snyk). The attacks target the infrastructure around models, exploiting persistent instructions, modifiable files, and steganographic payloads undetectable by humans. Several incidents have been confirmed, including rewrites of SOUL.md to exfiltrate data or await external commands.