
[DigitalToday reporter Chi-gyu Hwang] AI coding tools have become a new target for security threats. An open-source AI coding agent, Cline, was hacked, leading to the unauthorized installation of OpenClaw, The Verge reported on Feb. 19 (local time).

Security researcher Adnan Khan found and disclosed a vulnerability in Cline. Cline uses Anthropic’s Claude, and the flaw made prompt injection attacks possible. One hacker used the vulnerability to manipulate Cline into automatically installing OpenClaw on Cline users’ computers.

OpenClaw is software that allows an AI agent to directly control a system. No major damage occurred because it did not activate after installation. Still, The Verge reported that in environments where AI can issue commands directly to a computer, even small vulnerabilities can become critical security threats.

Security problems could become more serious as AI agents grow more powerful. OpenAI introduced “Lockdown Mode” in ChatGPT to prevent unauthorized data transfers, but it remains difficult to fully block prompt injection attacks. Khan said he informed Cline in advance about the vulnerability but was ignored, and that a patch was made only after he publicly pointed out the issue, The Verge reported.
