Recently, a craze for 'lobster farming' has swept China, drawing in everyone from children to the elderly. The term refers to the use of OpenClaw, an open-source AI agent software that features a red lobster as its logo. Users who install this software on their devices are said to be 'raising lobsters.' Major Chinese tech companies such as ByteDance and Baidu have also launched similar cloud server deployment solutions for OpenClaw.
However, with the rise of this 'lobster farming' frenzy, associated security risks have emerged. The Chinese authorities have begun taking action, issuing risk warnings and restricting the use of OpenClaw in state-owned enterprises and government agencies, among others.
According to Chinese media reports, OpenClaw differs from various AI applications that can only chat via web pages; it is a super assistant capable of taking control of the user's keyboard and mouse. OpenClaw can run directly on users' terminals, invoking system APIs to complete complex tasks.
Unlike ChatGPT, which only provides suggestion-based conversational AI, OpenClaw acts like a digital employee with virtual 'hands.' By simply giving a natural language command such as 'Help me prepare a market analysis report,' it can plan the steps itself, open the browser to search for data, use Excel for tabulation and analysis, and finally save the completed report to a specified folder.
However, since January, several official Chinese security agencies have issued successive warnings. Public research from the security organization STRIKE shows that over 40,000 OpenClaw instances are exposed to the public internet, with 63% having exploitable vulnerabilities, and more than 12,000 instances flagged as remotely controllable.
The Cybersecurity Threat and Vulnerability Information Sharing Platform of China’s Ministry of Industry and Information Technology has found that some OpenClaw instances pose high security risks when left in their default configuration or improperly configured, making them highly susceptible to cyberattacks and information leaks. On the 10th, China’s National Internet Emergency Response Center issued a risk warning regarding the safe application of OpenClaw, advising relevant organizations and individual users to strengthen network controls and credential management measures when deploying and using OpenClaw.
Foreign media, citing informed sources, noted that state-owned enterprises and government agencies, including major banks, have already received notifications restricting the deployment of OpenClaw on office computers and environments due to security concerns. Reportedly, already installed applications must be immediately disabled and scheduled for deletion or reported for security review. At the same time, on the 10th, Xiaohongshu issued a governance announcement aiming to crack down on AI-managed accounts.