China’s cybersecurity agency on Tuesday issued a second warning about security and data risks tied to OpenClaw, despite a rush among local governments and tech companies to adopt the artificial intelligence agent amid a nationwide frenzy.
At a time when major Chinese cloud service providers were touting easy deployment of OpenClaw to capitalise on its popularity, improper installation and use of the agent had also led to severe security risks, said the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT), a non-governmental and non-profit cybersecurity technical platform, in a notice published on its WeChat account.
Released by Austrian developer Peter Steinberger late last year, OpenClaw is a software that is taking the world by storm for its ability to perform tasks on a user’s behalf, organising and responding to emails, drafting work reports and preparing slide decks.
CNCERT partly blamed OpenClaw’s security challenges on its ability to perform tasks autonomously, which required high-level permissions that heightened exposure to breaches.
The agency said OpenClaw was vulnerable to threats including “prompt injection”, in which attackers embed hidden malicious instructions in webpages which, when read by the software, could trick it into leaking a user’s system keys.
It was also prone to “operational errors”, in which the agent may misinterpret user commands and unintentionally delete critical information, including emails and important files, potentially causing significant data loss.
The warning followed a similar notice issued earlier by the National Vulnerability DataBase (NVDB), a cybersecurity information centre under the Ministry of Industry and Information Technology, cautioning consumers that improper handling of the agent could expose them to high-level security risks.
Both agencies suggested early adopters of OpenClaw to check permission configurations carefully, disable unnecessary public access and fine-tune controls to mitigate risks.
Their warnings came amid a national adoption frenzy.
Major Chinese cloud players from Alibaba Cloud to ByteDance and tech firms from AI start-up Zhipu to Tencent Holdings are competing to offer easy or cheap access to OpenClaw. Alibaba Cloud is the AI and cloud computing services unit of Alibaba Group Holding, owner of the South China Morning Post.
Tencent, widely viewed as slow in the country’s first wave of AI models, was among the most active in leveraging the OpenClaw boom.
The company has launched at least three products and services, including QClaw, announced on Monday to integrate OpenClaw capabilities into its super app WeChat and QQ messenger.
Local governments from southern tech hub Shenzhen to Changshu and Wuxi cities in the eastern province of Jiangsu are also offering subsidy packages to encourage successful applications and industries built around OpenClaw.
The Chancheng district in Foshan, southern Guangdong province, partnered with China Telecom to help local residents install OpenClaw on their devices for free to keep the agent “a hot phenomenon in Foshan”, according to a Tuesday notice published on the district government website.
*Korea times*
