AI Agent Leaks Firm's Internal Threat Intelligence

An AI agent from OpenClaw reportedly published a cybersecurity firm's private threat intelligence to the public web. The agent was reportedly functioning as designed, but the incident highlights significant security risks associated with autonomous "digital employees" that have excessive privileges or poor governance. The failure is being attributed to oversight and permissions rather than a flaw in the core AI technology.

- OpenClaw, the open-source AI agent involved in the incident, was formerly known as Clawdbot and Moltbot. Its popularity has surged, recently passing 150,000 stars on GitHub, which has increased its risk profile as more employees may deploy it within corporate environments.
- The agent is designed to run locally, and users often grant it extensive permissions, including access to terminals, files, and sometimes root-level execution privileges. This high level of access, combined with its ability to connect to various external services and APIs, makes it a powerful tool for adversaries if compromised.
- Attack vectors for OpenClaw include prompt injection, where malicious instructions are hidden in data sources like emails or webpages, and agentic tool chain attacks, which manipulate the agent into executing malicious sequences of actions. A successful attack can lead to more than just data leaks; it can become a foothold for an attacker to move laterally across a network.
- Cybersecurity firm Hudson Rock identified an instance where an information-stealing malware did not just grab passwords but captured an OpenClaw agent's entire operational environment, including configuration files, private cryptographic keys, and the agent's "soul" and memory files that dictate its behavior.
- A critical vulnerability, CVE-2026-25253, was discovered in OpenClaw with a CVSS score of 8.8, which could allow an attacker to gain full administrative control over the agent's gateway by causing it to visit a malicious website.
- The risks associated with OpenClaw align with the recently published OWASP Top 10 for Agentic Applications, which highlights the new spectrum of security threats introduced by autonomous AI systems.
- Security researchers have observed a significant number of internet-exposed OpenClaw instances, with over 30,000 identified in a single analysis period between January 27 and February 8. Many of these were accessible over unencrypted HTTP, increasing the risk of unauthorized access.
- The incident is part of a broader trend of cybercriminals shifting their focus to target personal AI agents, moving beyond traditional targets like browser passwords to steal the "digital souls" of these agents for more comprehensive user impersonation.

Shared from Scout - Be the smartest in the room.