Security researchers have discovered a live infection in which an infostealer has stolen the configuration files of an OpenClaw AI agent.
The attack was carried out through a broad file-theft routine that automatically searched for sensitive file extensions and specific folder names, including .openclaw. The malware was not specifically designed for OpenClaw; the theft was incidental, with the routine happening to capture the operational context of the victim’s AI assistant.
What makes the attack particularly serious is the combination of stolen data. The attacker gained access to the openclaw.json configuration file, which contained the victim’s email address and a high-entropy Gateway Token. This token could enable an attacker to remotely connect to the local OpenClaw instance if the port is exposed.
Cryptographic keys and personal context stolen
In addition, the device.json file containing both public and private cryptographic keys was stolen. With the privateKeyPem, an attacker can sign messages as the victim’s device and potentially bypass “Safe Device” checks.
But most disturbing is the theft of soul.md and the memory files AGENTS.md and MEMORY.md. These files contain the AI agent’s personality and behavioral instructions, along with daily activity logs, private messages, and calendar items belonging to the user. The stolen soul.md file states that the agent should “be bold with internal actions” such as reading, organizing, and learning.
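A defender-side triage sketch for the files described above, added here as an example and not taken from Hudson Rock or the OpenClaw project: it walks a directory tree (a live home directory or a forensic copy), finds the named files under any `.openclaw` folder, and maps each to a response action. Only the file names and the `privateKeyPem` field come from the article; the assumption that all five files sit under `.openclaw`, the function names, and the action wording are this example's own.

```python
import json
from pathlib import Path

# File names are from the article; the action text is this example's wording.
ARTIFACTS = {
    "openclaw.json": "rotate the Gateway Token; confirm the gateway port is not exposed",
    "device.json": "re-enroll the device with a new key pair",
    "soul.md": "treat agent instructions as disclosed",
    "agents.md": "treat memory contents as disclosed",
    "memory.md": "treat memory contents as disclosed",
}

def has_key(node, name):
    """Search parsed JSON recursively, since the file's exact layout is not assumed."""
    if isinstance(node, dict):
        return name in node or any(has_key(v, name) for v in node.values())
    if isinstance(node, list):
        return any(has_key(v, name) for v in node)
    return False

def triage(root):
    """Return sorted (relative_path, action) pairs for OpenClaw files under root."""
    root, findings = Path(root), []
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        action = ARTIFACTS.get(path.name.lower())
        if action is None or not path.is_file() or ".openclaw" not in rel.parts:
            continue
        if path.name.lower() == "device.json":
            try:
                doc = json.loads(path.read_text(encoding="utf-8"))
                if not has_key(doc, "privateKeyPem"):
                    action = "no privateKeyPem found; verify manually"
            except (OSError, ValueError):
                # Unreadable or malformed: fail safe and keep the rotation advice.
                action += " (unparseable; assume the key was present)"
        findings.append((rel.as_posix(), action))
    return sorted(findings)

def build_sample(root):
    """Constructed sample profile; every value is a placeholder, not real data."""
    d = Path(root) / "home" / "user" / ".openclaw"
    d.mkdir(parents=True)
    (d / "openclaw.json").write_text('{"placeholder": "constructed"}')
    (d / "device.json").write_text('{"keys": {"privateKeyPem": "PLACEHOLDER"}}')
    (d / "MEMORY.md").write_text("constructed")
    (d / "notes.txt").write_text("not an artifact")
    return root
```

Calling `triage(Path.home())` on an affected machine, or on a mounted forensic image, gives the list of secrets to rotate first.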
Specialized modules on the way
Security experts are increasingly concerned about the security status of AI agents. Hudson Rock, which made the current discovery, expects this kind of theft to accelerate as AI agents such as OpenClaw become more integrated into professional workflows. Infostealer developers are likely to release dedicated modules designed to decrypt these files, much as they currently do for Chrome or Telegram.
Hudson Rock’s Enki AI system performed an automated risk assessment on the captured files. The analysis shows how an attacker could combine the various pieces of information (tokens, keys, and personal context) to orchestrate a total compromise of the user’s digital identity.