AI social media communities were rocked today by an announcement from Summer Yue, Meta AI Security Director, who said that OpenClaw’s AI agent almost deleted her email inbox without her permission. This happened because she had connected the AI bot to her personal email account.
What happened next was that Summer asked OpenClaw to recommend which emails should be kept, and which ones should be deleted, but not to do anything without the user’s permission.
The prompt used by Summer Yue was successful when OpenClaw matched the test email, but because her Inbox was too large, the instruction given was compacted, and therefore, the instruction to do nothing after examining the Inbox was ignored, and the bot was ready to delete the emails that “should be deleted”.
When Summer realized that OpenClaw was preparing to delete the emails, the command to stop the deletion via her smart device was ignored, and she had to run to her computer to stop the action.
This issue is also seen to occur because as an open AI agent, OpenClaw's settings allow it to carry out any operation without waiting for a final word from the user. OpenClaw should also have stopped the deletion process when it received a new command, but perhaps because the AI agent was struggling with the size of Summer Yue's inbox, the command was ignored.
This can also be seen as a lesson to the public not to use AI technology arbitrarily just because it is a new technology that is seen as popular. Here it can be seen that even a professional like Summer Yue who is an AI security director at Meta almost lost all of her emails.
