Red Canary Office Hours: Episode 51 – Signal to story: A threat hunt deconstructed

SecOps Weekly

A threat hunt deconstructed

Air date: February 10, 2026

SHOW NOTES

Brian Donohue, Principal Security Researcher at Red Canary, is joined by Staff Threat Hunters Brittany Sattler and Tyler Winchester to deconstruct a typical threat hunt process from start to finish. Using the emerging security risks of the OpenClaw AI framework as a case study, the team explores how to turn a high-level concern (the rise of autonomous AI agents and their skills) into actionable intelligence through structured planning and hypothesis development.

Brittany and Tyler walk through how to identify indicators of compromise, such as malicious process executions and credential exfiltration, while emphasizing that a successful hunt must end in tangible outcomes: environment hardening, user education, and a stronger detection posture.

Timestamps:

  • 02:16 – The hunt process
  • 05:29 – What is OpenClaw?
  • 07:02 – The danger of AI “skills” & ClawHub
  • 08:22 – Why OpenClaw matters to the enterprise
  • 12:00 – The planning phase: Modeling malicious behavior
  • 21:19 – 3 hypotheses for hunting AI infostealers
  • 22:58 – Executing the hunt: Querying for data
  • 26:23 – Actionable outcomes
  • 29:24 – AI in the threat hunting workflow