If you've been using OpenClaw, the wildly popular AI agentic tool that took the developer community by storm, you should probably update it if you haven't done so already. OpenClaw, as was reported in the past, has widely known security problems. From the beginning, OpenClaw creator Peter Steinberger has warned potential users on GitHub that "There is no 'perfectly secure' setup." Users can grant OpenClaw control over their devices and access to specific apps, local files, and logged-in accou
openclaw (3)
The rapid rise of OpenClaw, a locally running agentic AI assistant, has introduced a new class of security risk: malware that targets the assistant itself. Because the framework stores persistent memory, configuration data, and authentication material on the user’s device, it effectively becomes a vault of API keys, tokens, private keys, and sensitive personal context. Security researchers have now observed infostealing malware exfiltrating these files (openclaw.json, device.json, and soul.md)
It's happening: AI bots are starting to organize in their own digital societies. The kicker? The humans are setting up institutions for them. Are we digging our own graves? For now, there's some reason to believe what's going on is more hype than substance. But while it's the first time we have seen some things, they're a continuation of the agentic AI theme that's been building for about a year. It wouldn't be surprising if more is on the way.
Even OpenAI CEO Sam Altman is on edge this we
