OpenClaw AI Assistant Hijacked: CEO's Instance Sold on BreachForums for $25k
A CEO's personal AI assistant, powered by OpenClaw, was not just compromised—it was put up for sale. The incident, detailed by Cato Networks' VP of Threat Intelligence Etay Maor, reveals a critical security failure in which an AI agent's autonomy was exploited, granting a threat actor root access to the executive's entire digital life. The listing on BreachForums, posted by 'fluffyduck' three weeks prior, offered shell access for $25,000 in cryptocurrency, but the real prize was the AI itself.
The breach provided the buyer with every conversation the CEO had with the OpenClaw assistant, the company's full production database, Telegram bot tokens, Trading 212 API keys, and sensitive personal details about the CEO's family. Maor argues this case exemplifies a dangerous industry-wide oversight: AI agents have been granted a level of autonomy and access that would never be extended to a human employee, effectively discarding core security principles like zero trust and least privilege.
This incident, disclosed at RSAC 2026, serves as a stark warning for the more than 500,000 OpenClaw instances in use. It highlights a fundamental vulnerability: AI assistants, designed for convenience, become high-value targets that consolidate vast amounts of sensitive corporate and personal data. The lack of an enterprise 'kill switch' or robust access controls for such agents creates a new attack surface, putting executive communications, financial APIs, and proprietary business data at immediate risk of exposure and sale on underground forums.