Friday, February 20, 2026

February 13, 2026, a Vidar infostealer variant completed its sweep of a compromised machine and found something unusual.

The malware exfiltrated files from a directory called .openclaw: a gateway token that unlocks remote access, cryptographic keys that sign messages as the victim's device, and files called soul.md, AGENTS.md, and MEMORY.md.

Those files contained something no infostealer had ever harvested before - the complete behavioral blueprint of the victim's AI assistant. Behavioral guidelines, daily activity logs, private messages and calendar events.

The digital DNA of how this person thinks, works, and lives.

Hudson Rock documented the pattern - what they described as "the transition from stealing browser credentials to harvesting the 'souls' and identities of personal AI agents."

Credential theft was identity theft 1.0. Steal a password, access an account, move some funds. Simple. Transactional. Fixable with a reset.

This is different. When attackers steal your AI's understanding of who you are - your habits, your trusted contacts, your decision-making patterns - they're not just breaking into your accounts.

They're learning how to become you.

What's left to protect when the thing being stolen is the machine's model of your mind?

Read more »

We provide an anonymous platform for whistleblowers and DeFi detectives to present their information to the community. All authors remain anonymous. 
We are all rekt.