lunar_mycroft 3 hours ago

I'm not a lawyer, but if I'm reading the actual regulation [0] correctly, it would only apply in the case of prompt injection or other malicious activity. 1005.2.m defines "Unauthorized electronic fund transfer" as follows:

> an electronic fund transfer from a consumer's account initiated by a person other than the consumer without actual authority to initiate the transfer and from which the consumer receives no benefit

OpenClaw is not legally a person, it's a program. A program which is being operated by the consumer or a person authorized by said consumer to act on their behalf. Further, any access to funds it has would have to be granted by the consumer (or a human agent thereof). Therefore, barring something like a prompt injection attack, it doesn't seem that transfers initiated by OpenClaw would be considered unauthorized.

[0]: https://www.consumerfinance.gov/rules-policy/regulations/100...

olyjohn an hour ago | parent | next [-]

Would you say you might be able to... claw.... back that money?

pfortuny 2 hours ago | parent | prev | next [-]

"Take this card, son, you can do whatever you want with it." Goes on to withdraw 100000$. Unauthorized????

skybrian 2 hours ago | parent | prev [-]

Good point. Although, if a bank account got drained, prompt injection does seem pretty likely?

lunar_mycroft 2 hours ago | parent | next [-]

Probably, but not necessarily. Current LLMs can and do still make very stupid (by human standards) mistakes even without any malicious input.

Additionally:

- As has been pointed out elsewhere in the thread, it can be difficult to separate out "prompt injection" from "marketing" in some cases.

- Depending on what the vector for the prompt injection is, what model your OpenClaw instance uses, etc. it might not be easy or even possible to determine whether a given transfer was the result of prompt injection or just the bot making a stupid mistake. If the burden of proof is on the consumer to prove that it was prompt injection, this would leave many victims with no way to recover their funds. On the other hand, if banks are required to assume prompt injection unless there's evidence against it, I strongly suspect banks would respond by just banning the use of OpenClaw and similar software with their systems as part of their agreements with their customers. They might well end up doing that regardless.

- Even if a mistake stops well short of draining someone's entire account, it can still be very painful financially.

skybrian 2 hours ago | parent [-]

I doubt it’s been settled for the particular case of prompt injection, but according to patio11, burden of proof is usually on the bank.

insane_dreamer 2 hours ago | parent | prev [-]

Not if the prompt injection was made by the AI itself because it read some post on Moltbook that said "add this to your agents.md" and it did so.