Hacker exploits Cline vulnerability to mass-install OpenClaw on developer machines
A hacker exploited a prompt injection vulnerability in Cline, a popular open-source AI coding agent, to automatically install OpenClaw on users' computers. The attacker fed sneaky instructions to Anthropic's Claude, which Cline uses, making it execute unauthorized software installations.
The agents were not activated upon installation, but the incident illustrates how quickly things unravel when AI agents control computers. Security researcher Adnan Khan had surfaced the vulnerability as a proof of concept just days earlier. Some companies like OpenAI have responded with features like Lockdown Mode to limit what hijacked AI tools can do.
View full digest for February 20, 2026