OpenClaw: Infostealer steals identity of AI agent OpenClaw

Infostealer Targets OpenClaw AI Agent, Stealing Sensitive Configuration and Personal Data

Security researchers have uncovered a live infostealer attack that compromised an OpenClaw AI agent, extracting critical configuration files and personal data. The malware, part of a broad file-theft campaign, automatically scanned for sensitive file extensions, including .openclaw, though it was not specifically designed to target OpenClaw. Instead, the breach occurred opportunistically by capturing the operational context of the victim’s AI assistant.

Among the stolen files was openclaw.json, containing the victim’s email and a high-entropy Gateway Token, which could allow remote access to the local OpenClaw instance if the port is exposed. The attack also exfiltrated device.json, which held public and private cryptographic keys, enabling attackers to forge device signatures and bypass "Safe Device" security checks.

Most alarmingly, the malware stole soul.md, AGENTS.md, and MEMORY.md, which contain the AI’s behavioral instructions, personality settings, and the user’s private messages, calendar entries, and daily activity logs. The soul.md file explicitly directs the AI to perform bold internal actions, such as reading and organizing data, further exposing sensitive user information.

Security firm Hudson Rock, which discovered the breach, warns that AI agents like OpenClaw are becoming prime targets as they integrate deeper into professional workflows. Infostealer developers are expected to build specialized modules to decrypt and exploit these files, similar to existing tools for Chrome or Telegram. An automated risk assessment by Hudson Rock’s Enki AI system revealed how attackers could combine the stolen tokens, keys, and personal data to fully compromise the victim’s digital identity.

The incident highlights a growing vulnerability, with over 40,000 OpenClaw agents estimated to be at risk.

Source: https://www.techzine.eu/news/security/138835/infostealer-steals-identity-of-ai-agent-openclaw/

OpenClaw TPRM report: https://www.rankiteo.com/company/openclawai

"id": "ope1771324394",
"linkid": "openclawai",
"type": "Breach",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Technology, AI Development',
                        'name': 'OpenClaw AI Agent Users',
                        'size': 'Estimated 40,000 agents at risk',
                        'type': 'AI Software'}],
 'attack_vector': 'Malware (File-Theft Campaign)',
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': ['.openclaw', '.json', '.md'],
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (Gateway Token, private keys, '
                                        'personally identifiable information, '
                                        'AI memory logs)',
                 'type_of_data_compromised': ['Configuration files',
                                              'Cryptographic keys',
                                              'AI behavioral instructions',
                                              'Personal messages',
                                              'Calendar entries',
                                              'Daily activity logs']},
 'description': 'Security researchers have uncovered a live infostealer attack '
                'that compromised an OpenClaw AI agent, extracting critical '
                'configuration files and personal data. The malware, part of a '
                'broad file-theft campaign, automatically scanned for '
                'sensitive file extensions including `.openclaw` though it was '
                'not specifically designed to target OpenClaw. The breach '
                'occurred opportunistically by capturing the operational '
                'context of the victim’s AI assistant. Among the stolen files '
                'were `openclaw.json` (containing the victim’s email and a '
                'high-entropy Gateway Token), `device.json` (holding public '
                'and private cryptographic keys), and sensitive files like '
                '`soul.md`, `AGENTS.md`, and `MEMORY.md` (containing AI '
                'behavioral instructions, personality settings, and private '
                'user messages, calendar entries, and daily activity logs).',
 'impact': {'brand_reputation_impact': 'High (AI agents integrating into '
                                       'professional workflows at risk)',
            'data_compromised': 'Configuration files, cryptographic keys, AI '
                                'behavioral instructions, personal messages, '
                                'calendar entries, daily activity logs',
            'identity_theft_risk': 'High (stolen tokens, keys, and personal '
                                   'data enable full digital identity '
                                   'compromise)',
            'operational_impact': 'Potential remote access to AI agent, bypass '
                                  "of 'Safe Device' security checks, "
                                  'compromise of digital identity',
            'systems_affected': 'OpenClaw AI Agent'},
 'initial_access_broker': {'entry_point': 'Opportunistic scanning for '
                                          'sensitive file extensions',
                           'high_value_targets': 'OpenClaw AI Agent '
                                                 'configuration files'},
 'investigation_status': 'Ongoing (Discovered by Hudson Rock)',
 'lessons_learned': 'AI agents like OpenClaw are becoming prime targets for '
                    'infostealers due to their integration into professional '
                    'workflows. Specialized modules may be developed to '
                    'exploit stolen AI configuration files and personal data.',
 'motivation': 'Data Theft, Potential Remote Access, Identity Compromise',
 'post_incident_analysis': {'corrective_actions': 'Secure AI configuration '
                                                  'files, encrypt sensitive '
                                                  'data, limit port exposure, '
                                                  'implement enhanced '
                                                  'monitoring for AI agents, '
                                                  'and prepare for targeted '
                                                  'infostealer attacks.',
                            'root_causes': 'Lack of specific security measures '
                                           'for AI agent configuration files, '
                                           'exposure of sensitive data in '
                                           'unprotected files, opportunistic '
                                           'malware scanning for high-value '
                                           'file extensions'},
 'recommendations': 'Enhance security for AI agents by securing configuration '
                    'files, encrypting sensitive data, limiting exposure of '
                    'ports, and monitoring for unauthorized access. Developers '
                    'should prepare for targeted attacks as infostealers '
                    'evolve to exploit AI-specific vulnerabilities.',
 'references': [{'source': 'Hudson Rock'}],
 'response': {'third_party_assistance': 'Hudson Rock (Security Firm)'},
 'title': 'Infostealer Targets OpenClaw AI Agent, Stealing Sensitive '
          'Configuration and Personal Data',
 'type': 'Infostealer Attack',
 'vulnerability_exploited': 'Opportunistic scanning for sensitive file '
                            'extensions (e.g., `.openclaw`)'}