The rapid rise of OpenClaw, a locally running agentic AI assistant, has introduced a new class of security risk: malware that targets the assistant itself. Because the framework stores persistent memory, configuration data, and authentication material on the user’s device, it effectively becomes a vault of API keys, tokens, private keys, and sensitive personal context. Security researchers have now observed infostealing malware exfiltrating these files (openclaw.json, device.json, and soul.md)
openclaw (2)
It's happening: AI bots are starting to organize in their own digital societies. The kicker? The humans are setting up institutions for them. Are we digging our own graves? For now, there's some reason to believe what's going on is more hype than substance. But while it's the first time we have seen some things, they're a continuation of the agentic AI theme that's been building for about a year. It wouldn't be surprising if more is on the way.
Even OpenAI CEO Sam Altman is on edge this we
