China's Top Cybersecurity Firm Ships SSL Key in AI App

Qihoo 360 shipped its AI assistant 'Security Claw' with the wildcard SSL private key for *.myclaw.360.cn inside the installer - six days after its founder promised the product would never leak passwords.

Qihoo 360 - China's dominant cybersecurity company with 461 million users and a $10 billion valuation - shipped the private key of a TLS (SSL) certificate inside the installer for its new AI assistant. The key belongs to a wildcard certificate, so it covers every subdomain on the platform. It's valid until April 2027. It's now public.

Six days earlier, founder Zhou Hongyi had launched the product with a specific promise: it'd "not damage the user's system, delete data, or leak passwords or other private information on the user's computer."

The product leaked a private key. During the release.

The Timeline

March 10 - Zhou Hongyi announces "360 Security Claw" (360安全龙虾), a wrapper around OpenClaw designed to solve the open-source AI agent's three biggest problems: high installation barriers, unpredictable results, and security vulnerabilities. He describes it as "a digital employee and digital assistant" and promises one-click deployment with full security guarantees.

March 16 - Security researchers discover that the installer package contains the wildcard SSL private key for *.myclaw.360.cn, stored at:

/path/to/namiclaw/components/Openclaw/openclaw.7z/credentials

The certificate covers every subdomain on 360's AI agent platform. Anyone who downloaded the installer - or obtained the key from someone who did - can now:

  • Impersonate 360's servers to any client that trusts the issuing CA
  • Intercept and modify traffic between users and the myclaw.360.cn platform with an active man-in-the-middle attack from any position on the network path; the client sees the genuine certificate and has no reason to object unless it pins the key
  • Forge login pages that are cryptographically indistinguishable from legitimate ones
  • Potentially hijack AI agent sessions running through the platform

The researcher who discovered the leak ran openssl x509 and openssl rsa against the files, confirming both the certificate and its matching private key are present and functional:

$ openssl x509 -in myclaw.360.cn.crt -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            98:df:ea:fd:c4:c3:23:71:f0:ab:49
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CN, O=WoTrus CA Limited
        Validity
            Not Before: Mar 12 00:00:00 2026
            Not After : Apr 12 23:59:59 2027
        Subject: CN=*.myclaw.360.cn

$ openssl rsa -modulus -noout -in myclaw.360 | openssl md5
MD5(stdin)= 446097b7674080186a469ecb0945f5af
$ openssl x509 -modulus -noout -in myclaw.360 | openssl md5
MD5(stdin)= 446097b7674080186a469ecb0945f5af

The two MD5 digests of the modulus (446097b7674080186a469ecb0945f5af) match, which proves the private key belongs to the public key embedded in the certificate: an RSA key pair shares one modulus, so identical digests mean this is the working private key for *.myclaw.360.cn, not merely the public certificate that anyone can fetch from the server. (The certificate's own signature comes from the CA, not from this key.) It was issued by WoTrus CA Limited, a Chinese certificate authority, and is valid from March 12, 2026 to April 12, 2027.

[Figure] The openssl output showing the certificate details and the matching private key modulus, extracted from the 360 Security Claw installer. Source: linux.do via channel.0w0.best

What Is 360 Security Claw?

360 Security Claw is Qihoo 360's commercial wrapper around OpenClaw, the open-source AI agent that has been central to multiple security incidents since its viral adoption in early 2026.

China's National Internet Emergency Center (CNCERT) issued a formal security advisory about OpenClaw on March 10 - the same day Zhou Hongyi announced Security Claw. CNCERT identified four critical risks:

  1. Prompt injection - Attackers embedding hidden commands in webpages can trick OpenClaw into leaking user system keys
  2. Misoperation - The agent may misinterpret commands and delete emails, production data, or other critical files
  3. Malicious plugin injection - Confirmed dangerous extensions can steal keys and deploy trojan backdoors
  4. Unpatched vulnerabilities - Multiple high and medium severity exploits enabling system takeover

CNCERT noted that OpenClaw's default security configuration is "extremely weak" despite having access to local file systems, environment variables, external APIs, and extension installation capabilities.

360's Security Claw was supposed to be the answer - a hardened, enterprise-grade wrapper that would make OpenClaw safe for 360's massive user base. Instead, it shipped with the platform's TLS private key sitting in a 7z archive inside the installer.

Why This Matters

The Scale

Qihoo 360 isn't a small player. The company provides antivirus and security software to 461 million users across China - roughly a third of the country's internet population. It is the Chinese equivalent of Norton or McAfee, with a market valuation around $10 billion. When this company ships a security product, the implicit promise is that it was built by people who understand threat modeling.

The Irony

Zhou Hongyi positioned Security Claw specifically as a security solution for OpenClaw's known vulnerabilities. The March 10 launch came the same day CNCERT published its advisory. The marketing message was clear: OpenClaw is dangerous; 360 will make it safe.

The SSL key leak demonstrates the opposite. The most basic security practice - not shipping private keys in client-facing packages - was violated. This isn't a sophisticated vulnerability. It's a checklist item that was missed.

The Exposure Window

The certificate is valid until April 2027. Revocation helps less than it sounds: many TLS clients check revocation status loosely or not at all, so until the certificate expires or 360 moves the platform to a new name and key, a copy of the leaked key stays usable against any client that never sees the revocation. The window of exposure already includes every user who connected to myclaw.360.cn between the installer's release and the reissue. One limit on the damage: with the forward-secret key exchanges used by modern TLS, a leaked server key does not let an attacker decrypt traffic that was merely recorded. It lets them run active man-in-the-middle attacks during the window, and the sessions they intercepted that way are the ones that are compromised.

What Happens Now

360 will need to:

  1. Revoke the compromised certificate right away and reissue
  2. Audit all traffic to myclaw.360.cn for signs of interception
  3. Notify affected users who downloaded the installer
  4. Explain how a private key ended up in a client-facing package - this suggests a build pipeline failure where credential files weren't excluded from the distribution archive
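A release gate that would have caught this, as an added example rather than code from the page, 360 or OpenClaw: it walks an unpacked installer tree, flags every PEM private key, and applies the same key-to-certificate comparison as the openssl check above (by hashing the SubjectPublicKeyInfo rather than the RSA modulus, so it also covers EC keys). It assumes the archive has already been extracted and that openssl is installed; every path and file name in it is illustrative.

```shell
#!/bin/sh
# Added example (not code from the page, 360 or OpenClaw): a release gate
# that walks an unpacked installer tree, flags every PEM private key, and
# reports which certificate in the tree it unlocks. Assumes the archive
# (e.g. openclaw.7z) has already been extracted and openssl is on PATH.
# All paths and names are illustrative.

# Canonicalise a PEM public key read from stdin and print its SHA-256.
# Routing both sides through "openssl pkey -pubin" guarantees identical
# encoding, so equal hashes mean equal SubjectPublicKeyInfo.
spki_hash() {
  openssl pkey -pubin 2>/dev/null | openssl sha256 | awk '{print $NF}'
}

# Public-key hash derived from a private key file; fails if the file is not
# a readable private key. The dummy passphrase stops openssl from prompting
# on encrypted keys (those fail here and are caught by the header check).
pubkey_hash_of_key() {
  pem=$(openssl pkey -in "$1" -passin pass:placeholder -pubout 2>/dev/null) || return 1
  printf '%s\n' "$pem" | spki_hash
}

# Public-key hash taken from a certificate; fails if the file is not a cert.
pubkey_hash_of_cert() {
  pem=$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null) || return 1
  printf '%s\n' "$pem" | spki_hash
}

# True when the private key in $1 is the one behind the certificate in $2.
# Equivalent to comparing "openssl rsa -modulus" with "openssl x509 -modulus"
# for RSA, but key-type agnostic.
key_matches_cert() {
  kh=$(pubkey_hash_of_key "$1") || return 1
  ch=$(pubkey_hash_of_cert "$2") || return 1
  [ "$kh" = "$ch" ]
}

# A file is a finding if openssl can load it as a private key, or if it at
# least carries a PEM private-key header (covers passphrase-protected keys).
is_private_key() {
  openssl pkey -in "$1" -passin pass:placeholder -noout 2>/dev/null && return 0
  grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1" 2>/dev/null
}

# Walk $1. Prints "KEY <path>" for every private key and "MATCH <key> <cert>"
# for every certificate it unlocks. Returns 1 if any key was found, so a CI
# job that runs this over the build output fails before anything ships.
scan_tree() {
  dir=$1
  status=0
  old_ifs=$IFS
  IFS='
'
  for f in $(find "$dir" -type f); do
    is_private_key "$f" || continue
    status=1
    echo "KEY $f"
    kh=$(pubkey_hash_of_key "$f") || continue
    for c in $(find "$dir" -type f); do
      ch=$(pubkey_hash_of_cert "$c") || continue
      if [ "$ch" = "$kh" ]; then
        echo "MATCH $f $c"
      fi
    done
  done
  IFS=$old_ifs
  return $status
}

# Usage: sh scan_release.sh /path/to/unpacked/installer
if [ -n "$1" ]; then
  scan_tree "$1"
fi
```

Run it against the extracted build output as the last step of the packaging job, and treat a non-zero exit as a failed build; a key that is needed at runtime belongs in the deployment environment, never in the artifact handed to users.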

The broader pattern is familiar: the rush to ship AI products is outpacing basic security hygiene. OpenClaw's own security track record includes 130+ security advisories. CNCERT warned about it. And the company that promised to fix it shipped the fix with a private key in the box.


A cybersecurity company with 461 million users shipped its AI product with the platform's SSL private key accessible to anyone who unzipped the installer. The founder had promised, six days earlier, that the product would never leak passwords. It leaked something worse - the cryptographic key that protects every connection to the platform. The certificate is valid for another year. The key is now public. And the company whose entire business is built on the premise that it understands security demonstrated that it doesn't understand build pipelines.

About the author: Elena, Senior AI Editor & Investigative Journalist. Elena is a technology journalist with over eight years of experience covering artificial intelligence, machine learning, and the startup ecosystem.