China's National CERT warns that the OpenClaw agentic AI tool poses significant risks due to an extremely weak default security configuration, which can be exploited through malicious instructions in web pages or poisoned plugins to steal credentials and delete data. The advisory recommends isolating OpenClaw in containers, keeping its management port off the public internet, implementing strict access controls, disabling automatic updates, and restricting plugin access. Following the warning, some Chinese government agencies and state-run banks have reportedly banned its use.
Security China’s CERT warns OpenClaw can inflict nasty wounds Like deleting data, exposing keys, and loading malicious content, perhaps leading to government ban Simon Sharwood Thu 12 Mar 2026 // 01:37 UTC China’s National Computer Network Emergency Response Technical Team has warned locals that the OpenClaw agentic AI tool poses significant security risks. In a Tuesday post to its WeChat account, the CERT warned that OpenClaw has “extremely weak default security configuration” and must therefore be handled with extreme care. The CERT is worried that attackers can target the tool by embedding malicious instructions in web pages, and that poisoned plugins for the agentic tool can put users at risk. China’s cyber-advisors also point out that OpenClaw has already disclosed several severe vulnerabilities that can result in credential theft and therefore enable serious attacks. User error is another concern, as the CERT thinks OpenClaw users may inadvertently delete important data. The organization recommends users isolate OpenClaw in a container, keep its management port isolated from the public internet, and implement strict authentication and access control procedures to keep attackers away from the agentic tool. The CERT also suggests that users disable automatic updates and restrict access to OpenClaw plugins. Malware-laced OpenClaw installers get Bing AI search boost OpenClaw is the most fun I've had with a computer in 50 years More than 135,000 OpenClaw instances exposed to internet in latest vibe-coded disaster OpenClaw reveals meaty personal information after simple cracks The CERT’s advice is a little less alarmist than that offered by analyst firm Gartner, which in early February described OpenClaw as an “unacceptable cybersecurity risk” for business user, while also recommending users only run it in isolated nonproduction virtual machines with throwaway credentials. The warning opens with the observation that China has seen a “surge in downloads and usage” for OpenClaw and its derivatives, thanks in part to “major domestic cloud platforms offering one-click deployment services.” One example of such offerings comes from web giant Tencent, which launched an OpenClaw-based tool called “Work Buddy” on Monday, and claimed users can set it up and integrate it with multiple chat platforms in minutes. A day after China’s CERT posted its advice, local authorities reportedly banned the use of OpenClaw at some government agencies and state-run banks. ® Share More about AI China Security More like these × More about AI China Security Narrower topics 2FA Advanced persistent threat AIOps Application Delivery Controller Authentication BEC Black Hat BSides Bug Bounty Center for Internet Security CHERI China Mobile China telecom China Unicom CISO Common Vulnerability Scoring System Cybercrime Cybersecurity Cybersecurity and Infrastructure Security Agency Cybersecurity Information Sharing Act Cyberspace Administration of China Data Breach Data Protection Data Theft DDoS DeepSeek DEF CON Digital certificate Encryption End Point Protection Exploit Firewall Gemini Google AI Google Project Zero GPT-3 GPT-4 Great Firewall Hacker Hacking Hacktivism Hong Kong Identity Theft Incident response Information Technology and the People's Republic of China Infosec Infrastructure Security JD.com Kenna Security Large Language Model Machine Learning MCubed NCSAM NCSC Neural Networks NLP Palo Alto Networks Password Personally Identifiable Information Phishing Quantum key distribution Ransomware Remote Access Trojan Retrieval Augmented Generation REvil RSA Conference Semiconductor Manufacturing International Corporation Shenzhen Software Bill of Materials Spamming Spyware Star Wars Surveillance Tensor Processing Unit TLS TOPS Trojan Trusted Platform Module Uyghur Muslims Vulnerability Wannacry Zero trust Broader topics APAC Self-driving Car More about Share POST A COMMENT More about AI China Security More like these × More about AI China Security Narrower topics 2FA Advanced persistent threat AIOps Application Delivery Controller Authentication BEC Black Hat BSides Bug Bounty Center for Internet Security CHERI China Mobile China telecom China Unicom CISO Common Vulnerability Scoring System Cybercrime Cybersecurity Cybersecurity and Infrastructure Security Agency Cybersecurity Information Sharing Act Cyberspace Administration of China Data Breach Data Protection Data Theft DDoS DeepSeek DEF CON Digital certificate Encryption End Point Protection Exploit Firewall Gemini Google AI Google Project Zero GPT-3 GPT-4 Great Firewall Hacker Hacking Hacktivism Hong Kong Identity Theft Incident response Information Technology and the People's Republic of China Infosec Infrastructure Security JD.com Kenna Security Large Language Model Machine Learning MCubed NCSAM NCSC Neural Networks NLP Palo Alto Networks Password Personally Identifiable Information Phishing Quantum key distribution Ransomware Remote Access Trojan Retrieval Augmented Generation REvil RSA Conference Semiconductor Manufacturing International Corporation Shenzhen Software Bill of Materials Spamming Spyware Star Wars Surveillance Tensor Processing Unit TLS TOPS Trojan Trusted Platform Module Uyghur Muslims Vulnerability Wannacry Zero trust Broader topics APAC Self-driving Car TIP US OFF Send us news