OpenClaw, an open-source AI agent Photo: VCG

China's National Internet Finance Association (NIFA) has issued a formal risk warning over the use of the OpenClaw application in internet finance, the latest effort by the country to improve industry supervision. 

In a notice posted on its official WeChat account on Sunday, the NIFA pointed out potential security and compliance concerns tied to deploying OpenClaw-based components in financial products and services. The association urged financial institutions and consumers to guard against risks such as loss of funds, transaction liability, data-compliance breaches, and new forms of fraud.

OpenClaw is an autonomous, open-source artificial intelligence (AI) agent that leverages large-language models to perform daily task. In the notice, the association said that OpenClaw has recently seen a surge in downloads and usage. It said that OpenClaw is designed by default to obtain elevated system privileges and directly control computers and other terminals using natural‑language commands.

Sunday's warning followed public risk alerts about the use of OpenClaw issued by China's National Vulnerability Database (NVDB), which is operated by the Ministry of Industry and Information Technology, and by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT), the NIFA said in the notice.

The association warned that while OpenClaw agents can improve work efficiency, their default high system privileges and weak security configurations make them highly vulnerable to attackers, becoming a breakthrough for stealing sensitive data or illegally manipulating transactions, posing a serious risk to the industry.

The NIFA advised financial consumers to be extremely cautious when installing OpenClaw on terminals used for online banking, securities trading, payments, and other personal financial services. If installation is necessary, users are advised not to grant operational permissions to financial service systems, and to promptly apply OpenClaw vulnerability patches, to strictly control the installation of functional plug-ins, and to avoid entering sensitive information such as ID card numbers, bank card numbers, and payment passwords during use. 

Despite a rush to adopt the OpenClaw AI agent, China's tech ministry and industry association have warned of security threats linked to it, emphasizing the need for proactive measures.

The Ministry of Industry and Information Technology (MIIT) recently issued a warning that some OpenClaw-powered deployments carry high security risks when in default or improper configuration, making them highly susceptible to cyberattacks, information leakage, and other security issues, the Xinhua News Agency reported.

On March 11, the NVDB brought together AI-agent providers, vulnerability-collection platform operators, and cybersecurity firms to research and publish security risks and safety recommendations for typical AI agent applications. 

On the same day, the Suzhou AI Industry Association, in collaboration with relevant enterprises and institutions, reminded the public to objectively assess both the capabilities and limitations of the technology and avoid creating anxiety.

The National Internet Emergency Response Center suggested strengthening network control and not directly exposing the default management port of OpenClaw to the public network, while strictly isolating the operating environment and using technologies such as containers to limit the issue of excessive permissions in OpenClaw, the center said in its official WeChat account on March 10.

"From the closed, small-scale models of the past, to large-language models, and now to autonomous AI agents that deploy these models to execute tasks — the risks have amplified at every step," Liu Gang, chief economist at the Chinese Institute of New Generation Artificial Intelligence Development Strategies, told the Global Times on Sunday. 

"The risks that have surfaced include privacy breaches, injected malware hidden in instructions, and unauthorized deletion of user data."

OpenClaw has been publicly disclosed several high- and medium-risk vulnerabilities, Liu said, adding that for critical industries such as finance and energy, these vulnerabilities could lead to the leakage of core business data, trade secrets, and code repositories, and could even paralyze entire business systems, causing incalculable losses.

Embedding security mechanisms directly into the internal architecture of autonomous agents may offer one solution, Liu suggested. "But industry risk management also has a critical role to play." 

Liu also called for clearer community standards, better disclosure practices, and coordinated incident‑response frameworks as part of efforts to manage the technology's societal impact.

Several Chinese universities have already called for precautions to prevent OpenClaw-related security risks. Liu said that the intensified vigilance among academic institutions signals a paradigm shift in AI governance, from a singular focus on technological advancement toward a balance between innovation and risk mitigation. Although immediate risk advisories serve as necessary stopgap measures, in the long term it is crucial to institutionalize regulatory frameworks and to enhance AI safety literacy.