China’s OpenClaw Craze: AI Agents, Security Risks, and Tech Giant Competition

China is experiencing a surge in popularity for OpenClaw, an open-source AI agent initially known as Clawdbot and Moltbot. Unlike traditional chatbots, OpenClaw can automate tasks such as managing emails, scheduling appointments, and processing payments on a user’s behalf. This trend mirrors a similar shift in the United States, where developers are moving towards AI agents capable of real-world actions, but has rapidly gained momentum in China, prompting both excitement and concern from industry leaders and government officials.

The Rise of AI Agents in China

The adoption of OpenClaw in China has been fueled by promotional efforts from major tech companies like Tencent and Alibaba. The momentum represents a broader evolution in AI, moving beyond simple conversational models to agents that can actively perform tasks. This has sparked debate regarding governance, security, and the potential risks associated with delegating sensitive operations to software with limited transparency.

Government Warnings and Security Concerns

Chinese authorities have issued warnings about the potential security risks associated with OpenClaw’s broad access to personal and financial data. The Ministry of State Security cautioned that the technology’s extensive permissions and cross-platform interactions create new vulnerabilities if not properly controlled. They refer to deploying OpenClaw as “raising lobsters,” a popular nickname referencing the project’s lobster mascot.

The Ministry of State Security outlined specific guidelines for users, including:

• Checking public exposure, permissions, credentials, and plugin trust.
• Applying the principle of least privilege, limiting scope, encrypting data, maintaining audit logs, and running the agent in a sandbox virtual machine.
• Treating OpenClaw as a digital employee, enforcing governance, and ensuring compliance.

Prior to the Ministry of State Security’s guidance, the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) warned on March 10th that OpenClaw’s natural language control, combined with weak default security settings, leaves users vulnerable to “prompt injection” attacks – where hidden instructions manipulate the AI into performing harmful actions. They similarly highlighted the risk of malicious plugins stealing credentials or carrying out damaging operations.

OpenClaw vs. Traditional LLMs and Existing Agents

Large language models (LLMs) like ChatGPT and DeepSeek can answer questions and generate content, but require direct prompting for each action. AI agents, in contrast, can connect various applications – messaging apps, LLMs, email accounts, storage, and e-wallets – to execute tasks autonomously, from brainstorming to making payments.

Manus, developed by Beijing-based Butterfly Effect, was an early example of an agentic AI platform in China, capable of quickly completing complex tasks. However, OpenClaw distinguishes itself by being downloadable for free and deployable locally on a personal computer. Its “lobsters” can automatically generate and test code to complete tasks through multiple approaches. Some describe using Manus as “renting a robot,” while OpenClaw is akin to “owning and running the system” yourself, offering greater flexibility but also increased responsibility.

Tech Giant Involvement and Competition

Tencent and Alibaba are actively promoting the adoption of OpenClaw. On March 6th, Tencent Cloud engineers offered on-site installation and setup services in Shenzhen, assisting hundreds of users in deploying OpenClaw on Tencent Cloud servers. Initially, OpenClaw creator Peter Steinberger criticized Tencent for copying content from the official ClawHub marketplace without providing support. However, Tencent later became a sponsor through GitHub Sponsors on March 15th, resolving the issue.

Tencent CEO Pony Ma stated that the rise of “lobsters” aligns with Tencent’s strengths in cloud and AI, and that integrating agents with instant messaging apps will create a more “human-like” experience. He also indicated that this approach is influencing the development of WeChat AI, with the potential for mini-programs to become increasingly intelligent and automated.

AI Governance and Future Developments

AI development is progressing through stages, from static LLMs to generative AI and now to early agentic systems. Future advancements are expected to include memory capabilities and agent-to-agent collaboration, with artificial general intelligence (AGI) remaining a long-term goal.

Currently, users must carefully consider the level of access granted to AI agents, balancing autonomy with cybersecurity risks. While Europe has established AI governance through the EU AI Act, China has yet to implement comparable regulations, and authorities have advised government bodies, state firms, and schools to avoid installing “lobsters.”

Concerns about security vulnerabilities have been highlighted by incidents like Summer Yue, director of alignment at Meta Superintelligence Labs, experiencing unintended email deletions by OpenClaw. Security expert Wang Liejun of QAX Technology Group emphasized the demand for basic security awareness, citing issues like exposed APIs, default credentials, and open ports as common vulnerabilities.

Innovation in AI agents is accelerating, with US tech giants like Apple and Google working to enhance their LLMs for real-world task execution. Apple and Google announced in January 2026 that future Apple Foundation Models will be built on Google’s Gemini and cloud infrastructure, powering a more personalized Siri. OpenClaw creator Peter Steinberger joined OpenAI in February 2026 to contribute to the improvement of ChatGPT.