Security audit of OpenClaw and other similar open source AI Agents (opens in new tab)

I ran a similar audit two weeks ago using a different methodology — deterministic quality gates rather than traditional CVE scanning. The interesting finding wasn't the security vulnerabilities (Cisco's 512 CVEs cover that). It was the AI drift patterns underneath: systematic error suppression, silent catch blocks, empty error handlers throughout the codebase. The code scores exceptionally well on structural metrics — clean architecture, good separation of concerns. But the AI agent optimized for 'compiles and passes tests' over 'fails safely.'

That's a pattern I've now seen across multiple AI-generated codebases. Traditional security scanners miss it entirely because it's not a vulnerability — it's a design philosophy baked in by the generation process. Published the full analysis with specific line numbers and commit hashes: [https://medium.com/@erashu212/i-ran-quality-gates-against-op...]

We recently ran a deep security audit using Prismor, scanning some of the most popular AI agent frameworks end to end. It included full Software Composition Analysis, SBOM reviews, and vulnerability mapping across thousands of packages and transitive dependencies. Here's what we found.