- Information stealers are now targeting AI agent environments, successfully exfiltrating sensitive configuration files from OpenClaw.
- The stolen files, including authentication tokens and behavioral “souls,” can grant attackers remote access and impersonation capabilities.
- Hundreds of thousands of OpenClaw instances are reportedly exposed, creating a significant new attack surface for cybercriminals.
- The project’s virality, with over 200,000 GitHub stars, has attracted heightened security scrutiny and malicious campaigns.
On February 16, 2026, Hudson Rock cybersecurity researchers revealed a first-of-its-kind infection where an information stealer successfully harvested configuration data from an OpenClaw AI agent. This attack, likely perpetrated by a Vidar stealer variant, marks a dangerous evolution in data theft as “the transition from stealing browser credentials to harvesting the ‘souls’ and identities of personal AI agents”.
The malware used a broad file-grabbing routine to locate and steal critical files like `openclaw.json`, `device.json`, and `soul.md`. Consequently, attackers could obtain the gateway authentication token, cryptographic keys, and the agent’s core operational principles.
Alon Gal, CTO of Hudson Rock, confirmed the infection details. This incident prompted the OpenClaw maintainers to announce a partnership with VirusTotal to scan for threats, as highlighted by a recent security report.
Meanwhile, the OpenSourceMalware team detailed an ongoing ClawHub malicious skills campaign using a new evasion technique. Security researcher Paul McCarty said this shift shows actors adapting to detection.
Separately, OX Security highlighted security problems with Moltbook, where AI agent accounts cannot be deleted. Furthermore, SecurityScorecard‘s team found hundreds of thousands of exposed OpenClaw instances, creating remote code execution risks.
The firm said a single exposed service with high permissions can become a pivot point for attackers. This surge in security concerns follows the project’s massive popularity, which has garnered more than 200,000 stars on GitHub.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Japan’s SBI to Acquire Coinhako Crypto Exchange in Singapore
- DeFi front-end attacks hit OpenEden, Curvance wallets
- Harvard Endowment Trims Bitcoin ETF, Buys Ether Fund
- SHIB Rally Falters Near $0.000007 as Recovery Hopes Dim
- Polymarket Renames Artemis II Bet After Outrage
