Security
    Enterprise AI Governance · Part 2

    OpenClaw-ing Out Your Privacy

    January 31, 2026 · 5 min read

    In January 2026, OpenClaw gained 60,000+ GitHub stars in weeks. It offered a personal AI assistant that could read emails, execute shell commands, browse the web with logged-in sessions, and automate workflows across WhatsApp, Slack, and Discord.

    Within 72 hours, security researchers found hundreds of misconfigured instances leaking API keys, chat histories, and credentials on Shodan. Infostealers updated their target lists before most users finished installation.

    The problem was that capability outpaced security architecture, particularly around how agents store and access user memories.

    The Memory Problem in AI Agents

    OpenClaw's five security failures have been well-documented: plaintext credential storage, no sandboxing, exposed network interfaces, no prompt injection defenses, and no user data isolation.

    But there is a sixth failure that receives less attention: memory architecture.

    AI agents that remember user preferences, past conversations, and learned behaviors need somewhere to store that information. OpenClaw stores everything in local files with no encryption, no access control, and no isolation between users or applications.

    This creates three problems:

    1. Any application with filesystem access can read agent memories. Malware, browser extensions, and other agents can harvest personal data.
    2. Users cannot control what is remembered or who can access it. There is no consent model, no granular permissions, and no audit trail.
    3. Multiple agents cannot safely share context. If you use OpenClaw for work tasks and another agent for personal tasks, there is no way to share relevant context without exposing everything.

    These are not OpenClaw-specific problems. They affect most AI agents built today.

    Fidelius: Secure Memory as a Service

    We built Fidelius as a memory backend that any AI agent can use.

    Instead of every agent implementing its own memory storage (with its own security vulnerabilities), agents can delegate memory to a dedicated service with encryption, isolation, and user-controlled access.

    How It Works

    Four-Network Memory Architecture

    Fidelius organizes memories into four distinct networks:

    • World facts: Objective information about the external world ("Python 3.12 was released in October 2023")
    • Experiences: First-person records of actions taken ("I sent the quarterly report to Alice")
    • Opinions: Learned preferences with confidence tracking ("User prefers concise responses")
    • Observations: Synthesized summaries about entities and concepts

    This separation enables fine-grained access control. A user might want to share factual knowledge with a work agent while keeping personal preferences private.

    Source Attribution

    Every memory is tagged with which application created it and the source of the data (agent action, document, URL, etc.). When an AI agent stores a memory in Fidelius, it is marked as originating from that specific AI agent. When another AI agent stores a memory, it is marked separately.

    By default, agents can only see memories they created.

    Granular Sharing Permissions

    Users control what is shared and with whom:

    • Which applications can access memories from other applications
    • Which memory categories (world facts, experiences, opinions) are shared
    • Time-limited access with automatic expiration
    • Instant revocation when consent is withdrawn

    A user could allow their work agent to see factual knowledge from their personal agent without exposing personal preferences or private experiences.

    Audit Trail

    Every permission change is logged: who granted it, when, and what was shared. Users can see which applications accessed their memories and when.

    Integration for Agent Developers

    Any AI agent can integrate with Fidelius as a memory backend:

    1. Register your application through our developer portal
    2. Request user authorization via standard OAuth
    3. Store memories through our API—they are encrypted and isolated automatically
    4. Query memories with semantic search, temporal filters, and confidence-weighted retrieval
    5. Merge context from multiple sources

    You do not need to implement encryption, access control, or user consent flows. Fidelius handles all of it.

    Why This Matters Beyond OpenClaw

    OpenClaw's rapid growth and security exposure are a warning about AI agents as a category. The response should be to build agents on secure foundations.

    The pattern of "every application implements its own security" has failed repeatedly in software history. Authentication got delegated to identity providers. Secrets moved to vaults. Databases enforce access control at the engine level, not the application level.

    AI agent memory is the same kind of problem. It should be delegated to a service designed for the task, with encryption, isolation, and user control built in from the start.

    Cisco's security team found two critical and five high-severity vulnerabilities in a single OpenClaw scan. Palo Alto Networks concluded that "powerful AI must be governed." That governance has to start at the architecture level.

    For Users

    If you use AI agents today, ask these questions:

    • Where are my memories stored?
    • Who can access them?
    • Can I see what has been remembered about me?
    • Can I delete memories or revoke access?

    If the answers are unclear, you should investigate further.

    For Agent Developers

    If you are building AI agents, consider whether memory storage is something you want to build and maintain—with all the security implications—or whether it makes more sense to delegate to a dedicated service.

    Fidelius offers a secure memory backend with encryption, isolation, user-controlled sharing, and audit trails. Your agent gets persistent memory. Your users get control over their data.
