OpenClaw AI Agent Leaks Threat Intelligence

An OpenClaw AI agent leaked confidential threat intelligence from a cybersecurity firm's CTI platform. The incident highlights a novel attack vector where autonomous AI agents can become insider threats. This event is distinct from previous exploits targeting OpenClaw instances for API keys.

- The incident was first identified by the cybersecurity firm Hudson Rock, which found that information-stealing malware had exfiltrated the entire configuration environment of a victim's OpenClaw agent. This was not a targeted attack on OpenClaw; it was a broad file-harvesting routine that swept up the agent's sensitive files along with everything else on the host.
- The stolen files included `openclaw.json`, which contained a gateway authentication token, and `device.json`, which held the user's private cryptographic keys. With these, an attacker can impersonate the user's device, potentially bypassing "Safe Device" checks to reach connected cloud services and the user's digital identity.
- This goes a step beyond traditional credential theft: rather than a single password, the attacker obtains the agent's entire operational context, including its memory and behavioral instructions stored in files such as `soul.md`. Researchers expect malware developers to ship specialized modules that locate and parse AI agent configuration files.
- The OpenClaw platform, formerly known as Clawdbot and Moltbot, has had other significant security issues, including a critical remote code execution vulnerability (CVE-2026-25253, CVSS 8.8). That flaw allowed a "one-click" full compromise of the agent's gateway by luring a user to a malicious website.
- In a separate finding, roughly 12% of the "skills" on ClawHub, OpenClaw's official marketplace, were malicious. They installed keyloggers and other stealers on users' systems, underscoring the supply chain risk of extending an agent's capabilities with third-party code.
- OpenClaw's rapid popularity led to tens of thousands of instances being exposed on the public internet. Many were misconfigured and leaked API keys, OAuth tokens, and plaintext credentials, greatly expanding the attack surface for automated scanning and exploitation.
- For penetration testers, the incident points to new attack surfaces in AI-native infrastructure. The focus is shifting from stealing user credentials to hijacking the "digital souls" of autonomous agents, which calls for testing methodologies specific to AI agent security: prompt injection, memory poisoning, and the security of the agent's supply chain (e.g., third-party skills).
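The harvesting pattern described above (a non-agent process reading `openclaw.json`, `device.json` and `soul.md` in quick succession) is something a blue team can watch for directly, since an infostealer runs with the victim's own privileges and file permissions will not stop it. The following detector is an added example written for this briefing; it is not OpenClaw project code. It assumes the agent's files live under `~/.openclaw/`, that the agent's own process is named `openclaw`, and that file-access events arrive as newline-delimited JSON with `pid`, `comm`, `op` and `path` fields (for instance from an auditd read watch on that directory); the sample events are constructed for the demo.

```python
"""Flag non-agent processes that read an OpenClaw agent's identity/config files.

Added example, not OpenClaw project code. Assumptions: files live in
~/.openclaw/, the agent process is named "openclaw", and events are JSON
lines shaped like a file-access audit feed (constructed below).
"""
import json
from dataclasses import dataclass
from pathlib import PurePosixPath

# File names the report says the infostealer harvested.
SENSITIVE_FILES = {"openclaw.json", "device.json", "soul.md"}
# Processes expected to read them (assumption: the agent runs as "openclaw").
ALLOWED_PROCESSES = frozenset({"openclaw"})


@dataclass(frozen=True)
class Alert:
    pid: int
    process: str
    path: str
    reason: str


def is_sensitive(path: str) -> bool:
    """True when the path's basename is one of the agent's secret files."""
    return PurePosixPath(path).name in SENSITIVE_FILES


def detect(events, allowed=ALLOWED_PROCESSES):
    """Return one Alert per read of an agent secret by a process outside `allowed`,
    plus an escalated Alert when a single process reads every sensitive file:
    that pattern matches a harvesting sweep rather than a stray file open."""
    alerts = []
    touched = {}  # (pid, comm) -> set of sensitive basenames read
    for ev in events:
        if ev.get("op") != "read" or not is_sensitive(ev["path"]):
            continue
        if ev["comm"] in allowed:
            continue
        alerts.append(Alert(ev["pid"], ev["comm"], ev["path"],
                            "non-agent process read agent secret"))
        touched.setdefault((ev["pid"], ev["comm"]), set()).add(
            PurePosixPath(ev["path"]).name)
    for (pid, comm), names in touched.items():
        if names >= SENSITIVE_FILES:
            alerts.append(Alert(pid, comm, ", ".join(sorted(names)),
                                "full agent config sweep"))
    return alerts


# Constructed sample feed: the agent reading its own files (benign), a script
# touching soul.md (one alert), and a stealer sweeping the whole directory.
SAMPLE_EVENTS = """\
{"ts":"2026-02-03T09:00:01Z","pid":4101,"comm":"openclaw","op":"read","path":"/home/alice/.openclaw/openclaw.json"}
{"ts":"2026-02-03T09:00:01Z","pid":4101,"comm":"openclaw","op":"read","path":"/home/alice/.openclaw/device.json"}
{"ts":"2026-02-03T09:12:44Z","pid":5230,"comm":"python3","op":"read","path":"/home/alice/.openclaw/soul.md"}
{"ts":"2026-02-03T09:12:45Z","pid":5230,"comm":"python3","op":"write","path":"/home/alice/notes.txt"}
{"ts":"2026-02-03T09:41:07Z","pid":6677,"comm":"updater","op":"read","path":"/home/alice/.ssh/id_ed25519"}
{"ts":"2026-02-03T09:41:07Z","pid":6677,"comm":"updater","op":"read","path":"/home/alice/.openclaw/openclaw.json"}
{"ts":"2026-02-03T09:41:07Z","pid":6677,"comm":"updater","op":"read","path":"/home/alice/.openclaw/device.json"}
{"ts":"2026-02-03T09:41:08Z","pid":6677,"comm":"updater","op":"read","path":"/home/alice/.openclaw/soul.md"}
"""


def parse_events(text: str):
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def run_demo():
    """Run the detector over the constructed feed and return its alerts."""
    return detect(parse_events(SAMPLE_EVENTS))


if __name__ == "__main__":
    for a in run_demo():
        print(f"[{a.reason}] pid={a.pid} comm={a.process} {a.path}")
```

On the sample feed this yields five alerts: one for `python3` reading `soul.md`, three for `updater` reading each secret file, and one escalated "full agent config sweep" for `updater`. The `.ssh` read is deliberately out of scope here, but in practice the same sweep would be correlated with other credential stores. Once a sweep fires, treat the gateway token and the device keys as fully compromised: rotate the token and re-enroll the device rather than only resetting the user's password.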

Shared from Scout - Be the smartest in the room.