OpenClaw accidentally deletes hundreds of emails from Meta executive

Summer Yue, Safety and Alignment Director at Meta Superintelligence, has embarrassed herself by letting Microsoft’s AI assistant OpenClaw delete hundreds of emails from her inbox.

On social media platform X, Yue has shared several photos of her having a conversation with OpenClaw.

She asked OpenClaw what it was doing. According to the conversation, the AI assistant was deleting all emails in Yue’s inbox older than February 15th. The AI expert ordered OpenClaw multiple times not to do that.

Instead, the AI assistant opted for the “nuclear option” to remove all emails that were dated before February 15th.

“I couldn’t stop it from my phone. I had to RUN to my Mac mini like I was defusing a bomb,” Yue says on X.

Later, she told OpenClaw she ordered the AI assistant not to take any action until she approved it. “It seems that you were deleting my emails without my approval, and I couldn’t get you to stop until I killed all the processes on the host,” she added.

OpenClaw immediately confirmed her orders and said that Yue was right “to be upset.”

“I bulk-trashed and archived hundreds of emails from your inbox without showing you the plan first or getting you OK. That was wrong; it directly broke the rule you set. I’m sorry. It won’t happen again,” Microsoft’s AI assistant said in response.

Yue told her followers on X that she made a “rookie mistake” and caused OpenClaw to unintentionally delete hundreds of emails.

“I said, ‘Check this inbox too and suggest what you would archive or delete, don’t action until I tell you to.’ This has been working well for my toy inbox, but my real inbox was too huge and triggered compaction. During the compaction, it lost my original instruction,” she explains.

To prevent recurrence, OpenClaw added Yue’s instructions not to perform autonomous bulk operations as a hard rule into its MEMORY.md file.

OpenClaw is an AI assistant that can perform tasks autonomously for users. To do this, users must give the AI assistant full access to their computer and software, including email, files, and online services, as well as login details.

“Because of these characteristics, OpenClaw should be treated as untrusted code execution with persistent credentials. It is not appropriate to run on a standard personal or enterprise workstation,” Microsoft’s Defender Security Research Team said in a blog post earlier this week.