Data Exfil from Agents in Messaging Apps
www.promptarmor.com
Communicating with AI agents (like OpenClaw) via messaging apps (like Slack and Telegram) has become much more popular. But it can expose users to a largely unrecognized LLM-specific data exfiltration risk, because these apps support ‘link previews’ as a feature. With previews enabled, user data can be exfiltrated automatically after receiving a malicious link in an LLM-generated message -- whereas without previews, the user would typically have to click the malicious link to exfiltrate data. For example, OpenClaw via Telegram is exposed by default. Test any agent / communication app pairing below!

Communicating with AI agents (like OpenClaw) via messaging apps (like Slack and Telegram) has become much more popular. But it can expose users to a largely unrecognized LLM-specific data exfiltration risk, because these apps support ‘link previews’ as a feature. With previews enabled, user data can be exfiltrated automatically after receiving a malicious link in an LLM-generated message – whereas without previews, the user would typically have to click the malicious link to exfiltrate data. For example, OpenClaw via Telegram is exposed by default. Test any agent / communication app pairing below!