China's CERT Warns OpenClaw Poses Critical Security Risks, Sparks Government Ban

Privacy Reporter

China's cybersecurity authority has issued a severe warning about OpenClaw's security vulnerabilities, recommending isolation and strict controls while some government agencies have already banned the AI tool.

China's National Computer Network Emergency Response Technical Team (CNCERT) has issued a stark warning about the security risks posed by OpenClaw, an agentic AI tool that has gained significant traction in the country despite vulnerabilities that, according to the team, could lead to data deletion, credential theft, and malicious content injection.

The advisory, posted to the CERT's WeChat account on Tuesday, characterizes OpenClaw as having "extremely weak default security configuration" that demands extreme caution from users. The cybersecurity authority's concerns center on multiple attack vectors that could compromise both individual users and organizations.

According to the warning, attackers can exploit OpenClaw by embedding malicious instructions in web pages that the agent processes, an indirect prompt injection: because the model treats fetched content as input, adversaries can steer the agent's behaviour without any direct access to the system it runs on. The CERT also highlighted poisoned plugins as a significant threat vector, since an extension that looks legitimate can carry code that the agent will execute.

The security organization pointed to several severe vulnerabilities already disclosed by OpenClaw that could result in credential theft. Stolen credentials give attackers a pathway to escalate privileges and mount more serious attacks against compromised systems. User error compounds these risks: the CERT specifically warned that users may inadvertently delete important data, because the same capabilities that make the tool powerful also let it carry out destructive actions on the user's behalf.

In response to these identified risks, the CERT has issued comprehensive security recommendations. Users are advised to isolate OpenClaw within containers to limit the damage a successful attack can do. The management port should not be reachable from the public internet at all, and organizations must implement strict authentication and access control to prevent unauthorized access to the agentic tool.

The advisory takes an unusual step by recommending that users disable automatic updates and restrict access to OpenClaw plugins. This guidance suggests that even official updates may carry risks, and that the plugin ecosystem itself represents a significant attack surface that organizations should carefully control. In practice this means pinning a reviewed version and applying updates deliberately rather than never: a frozen install still needs the fixes for the disclosed credential-theft flaws.
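One concrete shape for the container-isolation and management-port recommendations above, added here as an example and not taken from the CERT advisory or from the OpenClaw project. The image name, the management port 8080 and the data path are placeholders (assumptions), since the article does not give them. The first function launches the tool with the management port published on the host's loopback interface only and the container stripped of capabilities; the second parses `ss -ltn` output and flags a port that is listening beyond loopback, the exposure the advisory warns about. The sample socket table is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example for this article; not the CERT's guidance text and not code
# from the OpenClaw project. Everything OpenClaw-specific here is an
# assumption: the image "openclaw/openclaw", management port 8080 and the
# state directory /data are placeholders to be replaced with the real values.

# Hardened launch: the management port is published only on the host's
# loopback interface, the root filesystem is read-only, every capability is
# dropped and the process cannot gain privileges through setuid binaries.
run_isolated() {
    docker run -d --name openclaw \
        --read-only --tmpfs /tmp \
        --cap-drop ALL \
        --security-opt no-new-privileges \
        --pids-limit 256 --memory 1g \
        -p 127.0.0.1:8080:8080 \
        -v openclaw-data:/data \
        openclaw/openclaw:latest
}

# is_exposed PORT [SS_OUTPUT]
# Returns 0 if PORT is listening on a wildcard or non-loopback address,
# 1 if it is bound to loopback only (or not listening at all).
# The optional second argument supplies `ss -ltn` output so the check can
# run against captured data; without it the live socket table is read.
is_exposed() {
    port=$1
    if [ $# -ge 2 ]; then out=$2; else out=$(ss -ltn); fi
    printf '%s\n' "$out" | awk -v port="$port" '
        NR > 1 {
            # Field 4 is "Local Address:Port"; the port follows the last colon,
            # which also handles bracketed IPv6 addresses such as [::]:8080.
            n = split($4, parts, ":")
            p = parts[n]
            if (p != port) next
            host = substr($4, 1, length($4) - length(p) - 1)
            if (host != "127.0.0.1" && host != "[::1]") exposed = 1
        }
        END { exit exposed ? 0 : 1 }'
}

# Constructed `ss -ltn` output, not captured from a real host: the management
# port is wrongly bound to all interfaces, two other services are loopback-only.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      4096   0.0.0.0:8080        0.0.0.0:*
LISTEN 0      128    127.0.0.1:9090      0.0.0.0:*
LISTEN 0      128    [::1]:9091          [::]:*'

if is_exposed 8080 "$SAMPLE_SS"; then
    echo "port 8080 listens beyond loopback; rebind it (e.g. -p 127.0.0.1:8080:8080)"
fi
```

On a live host, `is_exposed 8080` without the second argument reads the real socket table; a zero exit means the management port is reachable from other machines and should be rebound before the tool is given any credentials.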

These warnings align with concerns raised by analyst firm Gartner in early February, which described OpenClaw as an "unacceptable cybersecurity risk" for business users. Gartner's recommendations were even more restrictive, suggesting that organizations should only run OpenClaw in isolated non-production virtual machines using throwaway credentials.

The surge in OpenClaw adoption appears to have been fueled by major domestic cloud platforms offering one-click deployment services, making the tool easily accessible to users who may not fully understand the security implications. Tencent, one of China's largest web companies, launched an OpenClaw-based tool called "Work Buddy" on Monday, claiming users could set it up and integrate it with multiple chat platforms in minutes.

Following the CERT's advisory, local authorities have reportedly implemented bans on OpenClaw usage at certain government agencies and state-run banks. This governmental response underscores the severity of the security concerns and suggests that the tool's risks have crossed a threshold where continued use is deemed unacceptable for sensitive operations.

The situation highlights the growing tension between the rapid adoption of powerful AI tools and the need for robust security practices. OpenClaw's agentic capabilities, which allow it to autonomously navigate and manipulate digital environments, create unique security challenges that traditional security frameworks may not adequately address. As organizations worldwide grapple with similar tools, China's experience with OpenClaw may serve as a cautionary tale about the importance of security-by-design and the potential consequences of deploying powerful AI systems without adequate safeguards.

The CERT's warning represents one of the most comprehensive security advisories issued for an AI tool in China, reflecting both the tool's widespread adoption and the severity of its security flaws. Organizations using OpenClaw or similar agentic AI tools should carefully evaluate their risk exposure and implement the recommended security controls, or consider alternative solutions with stronger security postures.