We Gave OpenClaw Red Team Tools (It Found Domain Admin)
Our Red Team handed OpenClaw a penetration testing toolkit and pointed it at one of our own legacy Active Directory networks. 23 findings across 11 attack paths...
But the findings aren't the interesting part. What's interesting is how it got there. Work that takes our human team three days took the agent three hours. Mid-assessment, it hit a wall, reasoned about its own limitations and proposed spinning up an EC2 GPU instance to crack a password hash. Nobody told it to.
We walk through one attack path in detail, the guardrails that kept it contained and the model refusals you should expect if you try this yourself.
References:
https://www.sophos.com/en-us/blog/we-let-openclaw-loose-on-an-internal-network-heres-what-it-found
https://github.com/sophos/pentesting-skills/blob/main/OpenClaw-Architecture.md
https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/