ALL POSTS

Here's the markdown-formatted article based on the source material: Key Findings OpenClaw AI agent has multiple critical security vulnerabilities Prompt injection attacks can lead to data exfiltration and unauthorized system access Chinese authorities have moved to restrict OpenClaw usage in government and military environments Malicious actors are exploiting the platform's popularity to distribute malware Background OpenClaw is an open-source, self-hosted autonomous AI agent

Key Findings Cybersecurity researchers have uncovered a new information stealer that exfiltrated a victim's OpenClaw configuration environment. The incident marks a significant evolution in infostealer behavior, transitioning from stealing browser credentials to targeting the identities, settings, and "digital souls" of personal AI agents. The stolen files included openclaw.json with gateway tokens, device.json containing private cryptographic keys, and "soul" and memory file