PANews reported on March 31 that, according to Jinshi, 360 Digital Security Group recently discovered a high-risk vulnerability in the OpenClaw platform using its independently developed 360 Multi-Agent Collaborative Vulnerability Discovery System—a MEDIA protocol Prompt injection vulnerability that bypasses tool privileges and leaks local files. This vulnerability has been officially confirmed by the China National Vulnerability Database (CNNVD), affecting more than 50 countries and regions worldwide, with over 170,000 publicly accessible OpenClaw instances at risk. The core risk of this vulnerability lies in the fact that the MEDIA protocol runs at the output post-processing layer, completely bypassing platform tool policy controls. Even if the agent disables all tool calls, attackers can launch attacks with only basic group chat member privileges, directly stealing sensitive server information and easily triggering subsequent network attacks.