360's OpenClaw Assistant Installation Package Leaks SSL Private Key; Zhou Hongyi Previously Promised "Will Never Leak Passwords"

Odaily News Security researcher Lukasz Olejnik posted on platform X, stating that the AI OpenClaw assistant "360 Security Lobster" launched by 360 leaked an SSL private key in its installation package. The private key corresponds to the domain *.myclaw.360.cn and is valid until April 2027. Attackers could use this private key to impersonate 360 servers, intercept user traffic, or forge login pages. Previously, 360 founder Zhou Hongyi had promised "will never leak passwords" when launching this product. It is worth noting that 360 currently has 461 million users, and the company is valued at approximately $10 billion. This news has also been corroborated by some developers in the Chinese region.