360's AI Security Lobster Stumbles Over Basic Security Flaw
360's AI Security Lobster Faces Backlash Over Private Key Leak
Even cybersecurity veterans sometimes trip over basic security measures. That's exactly what happened when 360 Company's much-touted AI product, 360 Security Lobster, was caught with its digital pants down—leaving SSL private keys exposed in its installation package.
What Went Wrong?
The security lapse came to light when tech experts discovered that the installation package included wildcard domain certificates for *.myclaw.360.cn along with their private keys. Imagine leaving your master key under the doormat; that's essentially what happened here. Anyone holding these private keys could theoretically impersonate servers under that domain or intercept user traffic.
"It's like building a high-tech vault but forgetting to lock the back door," remarked one cybersecurity analyst who requested anonymity.
Damage Control Mode
Facing industry criticism, 360 moved quickly to contain the fallout:
- Certificate revoked: The compromised credentials were immediately invalidated
- Risk assessment: Company officials insist ordinary users face no immediate threat
- Technical fixes: They've implemented safeguards against potential server forgery attempts
Bigger Questions Loom
As a domestic cybersecurity leader, 360's stumble carries particular weight. With AI products flooding the market, this incident highlights how automated release checks might be failing their fundamental purpose. Are companies moving too fast in the AI race? This episode suggests some might be skipping basic security steps in their rush to market.
The tech community will be watching closely to see how 360 addresses these concerns—and whether other AI developers take note before facing similar embarrassments.
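A release gate for this specific failure, private key material shipped inside an installer, can be sketched as follows. This is an added example, not 360's tooling or code from the incident; it assumes the package is a zip-format archive, and the function names, file names and sample contents are constructed for illustration.

```python
import io
import re
import zipfile

# PEM armor for private keys: PKCS#8, encrypted PKCS#8, legacy RSA/EC/DSA, OpenSSH.
PEM_KEY = re.compile(
    rb"-----BEGIN (?:(?:RSA|EC|DSA|OPENSSH|ENCRYPTED) )?PRIVATE KEY-----")
# Binary key containers carry no text marker, so flag them by extension (heuristic).
KEYSTORE_EXT = (".p12", ".pfx", ".jks", ".key")
MAX_DEPTH = 3  # installers often nest archives; bound the recursion

def scan_package(data, path="", depth=0):
    """Return sorted (member_path, reason) findings for a zip-format package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = f"{path}{info.filename}"
            blob = zf.read(info)
            if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(blob)):
                # Nested archive: report the member inside it, not the container.
                findings += scan_package(blob, name + "!/", depth + 1)
            elif PEM_KEY.search(blob):
                findings.append((name, "pem-private-key"))
            elif name.lower().endswith(KEYSTORE_EXT):
                findings.append((name, "keystore-file"))
    return sorted(findings)

def build_sample():
    """Constructed package: a cert, a keystore, and a nested bundle holding a key."""
    fake_key = (b"-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQtTk9ULUEtS0VZ\n"
                b"-----END PRIVATE KEY-----\n")  # placeholder body, not a real key
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("resources/tls/wildcard.pem", fake_key)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("certs/server.crt", b"-----BEGIN CERTIFICATE-----\nAAAA\n")
        zf.writestr("conf/client.p12", b"\x30\x82constructed")
        zf.writestr("app/bundle.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    hits = scan_package(build_sample())
    for member, reason in hits:
        print(f"BLOCK RELEASE: {member} ({reason})")
    raise SystemExit(1 if hits else 0)  # non-zero exit fails the release job
```

A public certificate on its own is not flagged; only private key armor and keystore containers block the release, including ones buried in a nested bundle.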
Key Points:
- Basic oversight: SSL private keys accidentally included in installation package
- Quick response: Certificate revoked within hours of discovery
- User impact: Company claims minimal risk to average users
- Industry implications: Raises questions about AI product release protocols


