- OpenClaw’s deep system access creates significant security concerns for enterprise environments
- Chinese authorities warn that autonomous AI agents may unexpectedly expose corporate systems
- Prompt injection attacks threaten AI assistants operating directly within workplace networks
Chinese cybersecurity authorities have issued new warnings about the use of OpenClaw in the workplace.
Officials cite growing concern that its rapid adoption could expose organizations to operational and data risks.
The alerts come as businesses and local governments across the country continue to experiment with the autonomous software agent.
OpenClaw is as risky as it is convenient
The advisory was issued by the China National Computer Network Emergency Response Technical Team/Coordination Center, which said improper installation and configuration of the tool could create security vulnerabilities.
OpenClaw’s ability to operate autonomously requires high-level system permissions, a design feature that increases the potential impact of misuse or exploitation.
Officials warned that such careless implementation within office environments could allow attackers to gain access to sensitive systems.
This is even more risky when organizations do not properly configure endpoint protection tools or bypass existing firewall safeguards.
The agency recommended early adopters carefully review system permissions, disable unnecessary public access, and apply stricter administrative controls.
OpenClaw, formerly known as Clawdbot and Moltbot, is an artificial intelligence assistant that executes tasks on behalf of users.
It is deeply integrated with the operating system and can handle digital tasks such as writing reports, organizing emails, and preparing presentations.
This creates a risk because malicious instructions can go undetected during routine operations, and Microsoft has warned against executing them on enterprise workstations.
The tool may be vulnerable to so-called prompt injection attacks, in which hidden instructions embedded in web content manipulate the agent into performing unwanted actions.
Officials said such attacks could trick software into revealing system keys or executing commands that compromise internal networks.
Its popularity has also attracted many fake OpenClaw variants on GitHub that are designed to deliver malware to users.
Another concern raised in official advisories relates to operational errors caused by misinterpreted orders.
Security agencies warned that the AI agent could mistakenly delete important emails or files if it doesn’t understand the instructions.
An earlier guide from China’s National Vulnerability Database similarly warned that improper handling of software could create high-level security risks.
The organization recommended more robust monitoring systems and reliable malware removal procedures when deploying the AI tool on enterprise networks.
Despite repeated warnings, enthusiasm around OpenClaw remains strong among major technology companies and regional authorities.
Cloud platforms such as Alibaba Cloud and large internet companies including Tencent and ByteDance have expanded access to the technology.
Tencent recently introduced new services that integrate OpenClaw capabilities into widely used communication platforms, including WeChat and QQ.
At the same time, several local governments have introduced subsidies or public initiatives that encourage businesses and residents to experiment with the software.
Authorities now appear to balance these initiatives with stricter warnings about business deployment.
Via SCMP