[2603.15727] ClawWorm: Self-Propagating Attacks Across LLM Agent Ecosystems

Computer Science > Cryptography and Security arXiv:2603.15727 (cs) [Submitted on 16 Mar 2026 (v1), last revised 20 Mar 2026 (this version, v2)] Title:ClawWorm: Self-Propagating Attacks Across LLM Agent Ecosystems Authors:Yihao Zhang, Zeming Wei, Xiaokun Luan, Chengcan Wu, Zhixin Zhang, Jiangrong Wu, Haolin Wu, Huanran Chen, Jun Sun, Meng Sun View a PDF of the paper titled ClawWorm: Self-Propagating Attacks Across LLM Agent Ecosystems, by Yihao Zhang and 9 other authors View PDF HTML (experimental) Abstract:Autonomous LLM-based agents increasingly operate as long-running processes forming densely interconnected multi-agent ecosystems, whose security properties remain largely unexplored. In particular, OpenClaw, an open-source platform with over 40,000 active instances, has stood out recently with its persistent configurations, tool-execution privileges, and cross-platform messaging capabilities. In this work, we present ClawWorm, the first self-replicating worm attack against a production-scale agent framework, achieving a fully autonomous infection cycle initiated by a single message: the worm first hijacks the victim's core configuration to establish persistent presence across session restarts, then executes an arbitrary payload upon each reboot, and finally propagates itself to every newly encountered peer without further attacker intervention. We evaluate the attack on a controlled testbed across four distinct LLM backends, three infection vectors, and three payload typ...