China's central government has warned state enterprises and agencies not to install OpenClaw on office computers this week, as multiple government bodies moved to rein in the Austrian-developed AI agent following a surge in adoption across the country.
Government agencies and state-owned enterprises, including the largest banks, have received notices in recent days warning them against installing OpenClaw software on office devices for security reasons. Several of them were instructed to notify superiors if they had already installed related apps for security checks and possible removal.
Certain employees, including those at state-run banks and some government agencies, were banned from installing OpenClaw on office computers and also personal phones using the company's network. One person said the ban was also extended to the families of military personnel.
OpenClaw, developed by Austrian programmer Peter Steinberger, is an autonomous AI agent that automates tasks including email management, calendar scheduling, and travel check-ins. The warning underscores Beijing's growing concern about OpenClaw, an agentic AI platform that requires unusually broad access to private data and can communicate externally, potentially exposing computers to external attack.
The Ministry of Industry and Information Technology's National Vulnerability Database (NVDB) has also published security guidelines, and the People's Bank of China has added a separate warning on AI in the financial sector. The guidelines recommend six practices: use the official latest version, minimise internet exposure, grant only the minimum permissions necessary, exercise caution when using the skill market filled with third-party offerings, guard against browser hijacking, and regularly check for patch vulnerabilities.
Yet China's response reveals a government pulled in two directions. A slew of government agencies, in cities from Shenzhen to Wuxi, have issued notices offering multimillion-yuan subsidies to startups leveraging OpenClaw to make advances. The frenzy has helped drive up shares of AI model developer MiniMax nearly 640 per cent since its listing just two months ago. It's now worth about US$49 billion, surpassing Baidu Inc – once viewed as the frontrunner in Chinese AI development – in market value.
Its adoption in China has been rapid enough to acquire a nickname – "raising lobsters," a reference to the app's mascot – and Tencent, Alibaba, Baidu, and MiniMax have all launched compatible tools. China's National Computer Network Emergency Response Technical Team has warned locals that the OpenClaw agentic AI tool poses significant security risks. In a Tuesday post to its WeChat account, the CERT warned that OpenClaw has "extremely weak default security configuration" and must therefore be handled with extreme care.
The CERT is worried that attackers can target the tool by embedding malicious instructions in web pages, and that poisoned plugins for the agentic tool can put users at risk. China's cyber-advisors also point out that OpenClaw has already disclosed several severe vulnerabilities that can result in credential theft and therefore enable serious attacks.
The apparent contradiction in Beijing's approach reflects a difficult balancing act. The Chinese government aims to capture the economic upside of agentic AI while keeping it out of the party-state's own bloodstream. This separation, however, may prove difficult to maintain. "Banning agents in 2026 is like trying to ban spreadsheets in 1985, or Google Sheets in 2013," one analyst noted. "The productivity gains are enormous, and the opportunity cost of abstaining from the use of agents will eventually become untenable."
The government's concerns rest on solid technical ground. OpenClaw is designed to directly operate computers based on natural language instructions, noting that to enable its autonomous task execution capability, the agent is granted relatively high system privileges. That includes access to local file systems, the ability to call external service application programming interfaces, and permission to install plugins. The advisory specifically highlighted scenarios where risks may arise, such as connecting instant messaging apps to OpenClaw, which could grant "excessive permissions that enable malicious reading, writing or deletion of any files".
For now, the People's Bank of China called at its annual technology conference in Beijing on Wednesday for AI in the financial sector to be managed in a "proactive yet prudent, safe and orderly" manner. Whether Beijing can simultaneously restrict high-risk deployment while allowing innovation to flourish in the private sector remains an open question.