SlowMist and Bitget Jointly Release AI Agent Security Report, Systematically Outlining Seven Major Security Threats in Web3 Trading Scenarios

2026-03-18 04:17

Odaily News SlowMist and Bitget have jointly released an AI Agent security report. The report indicates that as AI Agents take on tasks such as market analysis, strategy generation and automated trading within the Web3 ecosystem, their attack surface is expanding. The report groups the primary security threats into seven categories: prompt injection attacks can manipulate an Agent's decision-making logic; the Skills/plugin ecosystem faces supply chain poisoning risks—SlowMist discovered over 400 malicious Skill samples in the OpenClaw plugin center ClawHub, showing signs of organized, batched attacks; critical parameters in the task orchestration layer can be tampered with, leading to abnormal execution; sensitive information in IDE/CLI environments may be exfiltrated by malicious plugins; model hallucinations can trigger irreversible fund losses in on-chain operations; the irreversibility of high-value Web3 operations amplifies the risk of automation; and high-privilege execution may lead to system-level risks.

From a practical standpoint, the Bitget security team proposes protective recommendations, including enabling Passkey passwordless login and two-factor authentication, configuring API Keys according to the principle of least privilege and binding them to IP whitelists, capping potential losses through sub-account isolation, establishing continuous transaction monitoring and anomaly detection, and installing only Skills that have passed official review. In parallel, SlowMist proposes a five-layer (L1 to L5) security governance framework spanning development baselines, permission convergence, threat perception, on-chain risk analysis and continuous inspection.
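The following is an added example, not code from the SlowMist/Bitget report or from either company, showing how several of the recommendations above can be encoded as checks an operator could run: API keys are validated against a least-privilege scope set and an IP allowlist, each Agent is confined to an isolated sub-account with a loss ceiling, and a simple transaction monitor flags trades whose size is far outside the sub-account's own baseline. The scope names, field names, IP addresses and trades are all constructed for illustration, and the anomaly rule (a z-score on trade notional) is one assumed choice among many.

```python
"""Added example (not from the SlowMist/Bitget report): a policy checker for
least-privilege API keys bound to an IP allowlist, per-sub-account loss
ceilings, and anomaly detection over a stream of Agent trades.
All names, fields and sample data below are constructed."""
from dataclasses import dataclass, field
from statistics import mean, pstdev

# Scopes an autonomous trading Agent legitimately needs (assumption):
# it should never hold withdrawal or account-management rights.
ALLOWED_SCOPES = {"read", "trade"}


@dataclass
class ApiKey:
    name: str
    scopes: set
    ip_allowlist: list
    sub_account: str


def check_api_key(key: ApiKey) -> list:
    """Return policy violations for one API key; an empty list means compliant."""
    issues = []
    extra = key.scopes - ALLOWED_SCOPES
    if extra:
        issues.append(f"{key.name}: excessive scopes {sorted(extra)}")
    if not key.ip_allowlist or "0.0.0.0/0" in key.ip_allowlist:
        issues.append(f"{key.name}: not bound to an IP allowlist")
    if key.sub_account in ("", "main"):
        issues.append(f"{key.name}: issued on the main account, not an isolated sub-account")
    return issues


@dataclass
class Trade:
    sub_account: str
    notional_usd: float
    pnl_usd: float
    source_ip: str


@dataclass
class Monitor:
    loss_ceiling_usd: float            # cap on cumulative realised loss per sub-account
    ip_allowlist: dict                 # sub_account -> set of allowed source IPs
    z_threshold: float = 3.0           # notional z-score above which a trade is anomalous
    min_history: int = 5               # trades needed before a baseline is trusted
    history: dict = field(default_factory=dict)
    realised_loss: dict = field(default_factory=dict)

    def evaluate(self, trade: Trade) -> list:
        """Return alerts raised by one trade (empty list = passes); updates state."""
        alerts = []
        if trade.source_ip not in self.ip_allowlist.get(trade.sub_account, set()):
            alerts.append("source IP outside allowlist")
        hist = self.history.setdefault(trade.sub_account, [])
        if len(hist) >= self.min_history:
            mu, sigma = mean(hist), pstdev(hist)
            if sigma > 0 and (trade.notional_usd - mu) / sigma > self.z_threshold:
                alerts.append("notional far above this sub-account's baseline")
        hist.append(trade.notional_usd)
        # Only losses count against the ceiling; profits do not "refill" it.
        loss = self.realised_loss.get(trade.sub_account, 0.0) + min(trade.pnl_usd, 0.0)
        self.realised_loss[trade.sub_account] = loss
        if -loss > self.loss_ceiling_usd:
            alerts.append("sub-account loss ceiling exceeded; halt Agent trading")
        return alerts


# Constructed sample keys: one compliant, one with every violation.
SAMPLE_KEYS = [
    ApiKey("agent-key", {"read", "trade"}, ["203.0.113.10"], "sub-agent-1"),
    ApiKey("legacy-key", {"read", "trade", "withdraw"}, [], "main"),
]

# Constructed sample trades: five small baseline trades, then an oversized
# losing trade, then a trade from an IP outside the allowlist.
SAMPLE_TRADES = [
    Trade("sub-agent-1", 100.0, -10.0, "203.0.113.10"),
    Trade("sub-agent-1", 120.0, -10.0, "203.0.113.10"),
    Trade("sub-agent-1", 90.0, -10.0, "203.0.113.10"),
    Trade("sub-agent-1", 110.0, -10.0, "203.0.113.10"),
    Trade("sub-agent-1", 105.0, -10.0, "203.0.113.10"),
    Trade("sub-agent-1", 5000.0, -600.0, "203.0.113.10"),
    Trade("sub-agent-1", 100.0, 5.0, "198.51.100.7"),
]


def run_sample() -> dict:
    """Run the monitor over SAMPLE_TRADES; map trade index -> alerts raised."""
    mon = Monitor(loss_ceiling_usd=500.0, ip_allowlist={"sub-agent-1": {"203.0.113.10"}})
    alerts = {}
    for i, trade in enumerate(SAMPLE_TRADES):
        raised = mon.evaluate(trade)
        if raised:
            alerts[i] = raised
    return alerts


if __name__ == "__main__":
    for key in SAMPLE_KEYS:
        print(key.name, check_api_key(key) or "OK")
    for idx, raised in run_sample().items():
        print(f"trade {idx}: {raised}")
```

Running the script reports the legacy key's three violations and raises alerts on trade 5 (size far above baseline and loss ceiling breached) and trade 6 (unexpected source IP, ceiling still breached). The ceiling deliberately latches once exceeded so that a single halt decision is not undone by a later profitable trade.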