Incident · curated 27 Jun 2026
First reported 26 Jun 2026 · today
Single-source incident — first reported, latest, and curated coincide.
It offers real-world evidence that frontier-model injection defenses are improving, while underscoring that no number of failed attempts guarantees safety for production agents handling untrusted input.
Fernando Irarrázaval ran a public challenge at hackmyclaw.com inviting people to leak secrets from his OpenClaw test instance via email-based prompt injection. After roughly 6,000 attempts by ~2,000 people, nobody succeeded in extracting the secret, with the instance protected by anti-prompt-injection system rules on the underlying model.
Why it matters
It offers real-world evidence that frontier-model injection defenses are improving, while underscoring that no number of failed attempts guarantees safety for production agents handling untrusted input.