| South China Morning Post
scmp.com
Ben Jiangin Beijing
Published: 10:14pm, 10 Mar 2026

Cybersecurity agency cautions that improper installation and use of the AI agent carry severe security and data risks.

China’s cybersecurity agency on Tuesday issued a second warning about security and data risks tied to OpenClaw, despite a rush among local governments and tech companies to adopt the artificial intelligence agent amid a nationwide frenzy.

At a time when major Chinese cloud service providers were touting easy deployment of OpenClaw to capitalise on its popularity, improper installation and use of the agent had also led to severe security risks, said the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT), a non-governmental and non-profit cybersecurity technical platform, in a notice published on its WeChat account.

Released by Austrian developer Peter Steinberger late last year, OpenClaw is a software that is taking the world by storm for its ability to perform tasks on a user’s behalf, organising and responding to emails, drafting work reports and preparing slide decks.

CNCERT partly blamed OpenClaw’s security challenges on its ability to perform tasks autonomously, which required high-level permissions that heightened exposure to breaches.

The agency said OpenClaw was vulnerable to threats including “prompt injection”, in which attackers embed hidden malicious instructions in webpages which, when read by the software, could trick it into leaking a user’s system keys.

It was also prone to “operational errors”, in which the agent may misinterpret user commands and unintentionally delete critical information, including emails and important files, potentially causing significant data loss.