OpenClaw's rapid rise exposes a series of hidden dangers that urgently need to be addressed; multiple countries launch security governance and risk prevention actions

2026-04-30

Recently, an open-source artificial intelligence agent called OpenClaw has rapidly gained popularity in the global technology community. The agent can autonomously perform tasks in real-world scenarios and take actions on behalf of users, marking the acceleration of AI's transition from a "dialogue assistant" to an "action assistant". However, as the technology spreads rapidly, multiple security risks have also emerged. Regulatory agencies, cybersecurity experts, and international organizations in China, the United States, the European Union, the United Kingdom, Japan, South Korea and elsewhere have issued warnings and launched governance and risk-control actions aimed at the security of action-oriented AI.


The picture shows the mobile page of OpenClaw, an open-source AI intelligent agent. Xinhua News Agency (Photo by Ivan)

Concentrated exposure of risks triggers a global security alert

"As a typical representative of the open-source artificial intelligence field, OpenClaw has attracted widespread attention and adoption in a short period of time thanks to its powerful natural-language interaction and task-execution capabilities. However, its openness and the high privileges it requires have also made it a focus that cannot be ignored in the field of network security, exposing a series of security risks that urgently need to be addressed." So says Xiong Minghui, a distinguished professor at the Guanghua Law School of Zhejiang University and an expert in the field of artificial intelligence in China, who has been following OpenClaw closely.

In an interview with Legal Daily, he vividly compared OpenClaw's third-party skill packages and dependency libraries to attackers' "Trojan horses": malicious actors who tamper with software packages, implant backdoors, or exploit known vulnerabilities to infiltrate can steal core business data and intellectual property, and even gain control of internal systems, posing a systemic threat to enterprise data security.

"The security risks at the device and system levels are equally severe," Xiong Minghui explained. To complete complex tasks, OpenClaw often requires high system permissions during development and operation. If its configuration has omissions or the software itself has unpatched vulnerabilities, sensitive information on the host (such as keys and configuration files) may leak. Attackers can use this to hijack devices, incorporate them into botnets, or launch further attacks inside the network, seriously threatening the stability and security of enterprise infrastructure. In addition, when OpenClaw plays the role of a personal assistant, weak security measures may lead to the theft and abuse of sensitive personal information such as contacts, schedules, and chat records. Even more dangerous is the scenario in which financial transaction functions are integrated: once the agent is breached, attackers may induce it to perform erroneous transfers, unauthorized queries, and other operations, directly causing users property losses and shaking the trust foundation of the digital economy.

That's why Xiong Minghui sees OpenClaw as a double-edged sword, bringing about an efficiency revolution while also introducing multidimensional security challenges.

On March 8, the Network Security Threat and Vulnerability Information Sharing Platform (NVDB) of China's Ministry of Industry and Information Technology issued a warning stating that monitoring had found some instances of the OpenClaw open-source AI agent running with default or improper configurations that carry high security risk and can easily lead to network attacks, information leaks, and other security incidents.

The US cybersecurity firm CrowdStrike pointed out in a special report that the security risks of action-oriented AI agents are far higher than those of traditional conversational AI: once hijacked, they can directly carry out operations such as taking over the user's device, stealing sensitive information, and tampering with core data, endangering personal privacy, corporate trade secrets, and the information of public institutions. Several large enterprises and financial institutions in Japan and South Korea have urgently issued notices completely banning the installation of OpenClaw on office equipment, to prevent the leakage of core business data. The UK Information Commissioner's Office has also issued a risk warning, reminding public service agencies to use action-oriented AI tools with caution so that citizens' private information is not illegally stolen.

Multi-party collaboration to build a multi-layered security protection network

Faced with the systemic security risks brought by OpenClaw, governments, technology companies, and security agencies in multiple countries have already or are currently building emergency security protection systems.

In the United States, the Federal Communications Commission and the Federal Trade Commission jointly issued temporary regulatory standards requiring action-oriented AI such as OpenClaw to strictly implement three core requirements: least privilege, traceable operations, and manual review of high-risk behaviors. The European Union has officially placed OpenClaw in the high-risk AI regulatory category, strengthening data compliance and privacy protection requirements. South Korea, Canada, Australia and other countries quickly followed with targeted usage guidelines and safety regulations. Chinese departments including the Cyberspace Administration and the Ministry of Industry and Information Technology have in parallel improved the guidelines for open-source AI security assessments, strengthened supply chain security supervision, and consolidated the dual security responsibilities of developers and users.

In the wave of artificial intelligence applications, upholding the bottom line of safety, controllability, and trustworthiness requires a multi-level protection system. Xiong Minghui summarizes this system as a "four-dimensional" defense line. The first line of defense focuses on security configuration and permission management: implement the principle of least privilege, so that AI agents can access only the minimum data and operational permissions necessary to complete their tasks. The second line of defense is dedicated to supply chain security. The AI ecosystem is open, and the introduction of third-party skill packs and plugins expands the potential attack surface; a strict review mechanism is needed to run comprehensive security checks on every introduced component, ensuring trustworthy sources and transparent code. The third line of defense relies on regulation and compliance. The industry needs clear, unified security standards and behavioral norms to guide developers and users. In key sectors such as finance and energy, enterprises should establish strict internal compliance frameworks to ensure that AI applications comply with the relevant laws and regulations on data security and privacy protection, and integrate those compliance requirements into the whole process of enterprise operations. The fourth line of defense integrates cutting-edge technology with human factors: continuous security training and clear risk communication raise participants' security awareness and operational skills, so that a safety culture permeates every stage of the AI lifecycle.
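The controls named above and in the regulatory requirements cited earlier (least privilege for the agent, reviewed and pinned third-party skill packages, traceable operations, and human review of high-risk actions) can be made concrete in a small policy gate placed between an agent runtime and the skills it loads. The following Python is an added illustration written for this article; it is not OpenClaw's code, and the skill names, permission strings, sample package sources, and list of high-risk actions are all constructed for the example.

```python
import hashlib
from dataclasses import dataclass

# Actions that must wait for a human decision; constructed list for this example.
HIGH_RISK_ACTIONS = frozenset({"transfer_funds", "delete_records", "export_contacts"})


class SkillPolicyError(Exception):
    """A skill package or action request violated the gate's policy."""


@dataclass(frozen=True)
class SkillPin:
    sha256: str              # digest of the package bytes a reviewer inspected
    permissions: frozenset   # minimal permission set approved at review time


@dataclass(frozen=True)
class LoadedSkill:
    name: str
    permissions: frozenset


class SkillGate:
    """Hypothetical gate between an agent runtime and third-party skill packages.
    Controls: pinned digest (supply chain), least privilege, human review of high-risk actions, audit log."""

    def __init__(self):
        self._pins = {}
        self.audit_log = []   # every decision is recorded so operations stay traceable

    def pin_after_review(self, name, package_bytes, permissions):
        """Record the digest and approved permissions once a reviewer has read the code."""
        digest = hashlib.sha256(package_bytes).hexdigest()
        self._pins[name] = SkillPin(digest, frozenset(permissions))
        self.audit_log.append(("pin", name, digest))
        return digest

    def load(self, name, package_bytes, requested_permissions):
        """Admit a package only if it is pinned, unmodified, and asks for nothing extra."""
        pin = self._pins.get(name)
        if pin is None:
            self.audit_log.append(("reject", name, "not reviewed"))
            raise SkillPolicyError(f"{name}: package has not been reviewed and pinned")
        digest = hashlib.sha256(package_bytes).hexdigest()
        if digest != pin.sha256:
            self.audit_log.append(("reject", name, "digest mismatch"))
            raise SkillPolicyError(f"{name}: package differs from the reviewed version")
        excess = frozenset(requested_permissions) - pin.permissions
        if excess:
            self.audit_log.append(("reject", name, "excess permissions"))
            raise SkillPolicyError(f"{name}: requests unapproved permissions {sorted(excess)}")
        self.audit_log.append(("load", name, digest))
        return LoadedSkill(name, pin.permissions)

    def execute(self, skill, action, needs, approved_by=None):
        """Run an action only within the skill's grant; hold high-risk ones for a human."""
        if needs not in skill.permissions:
            self.audit_log.append(("deny", skill.name, action))
            raise SkillPolicyError(f"{skill.name}: {action} needs {needs}, which was never granted")
        if action in HIGH_RISK_ACTIONS and approved_by is None:
            self.audit_log.append(("hold", skill.name, action))
            return "held_for_review"
        self.audit_log.append(("execute", skill.name, action, approved_by))
        return "executed"


def demo():
    """Push a clean package, a tampered copy and over-privileged requests through the gate."""
    gate = SkillGate()
    # Constructed sample skill sources standing in for downloaded third-party packages.
    calendar_src = b"def run(ctx):\n    return ctx.calendar.list_events()\n"
    payments_src = b"def run(ctx, to, amount):\n    return ctx.payments.transfer(to, amount)\n"
    gate.pin_after_review("calendar-sync", calendar_src, {"calendar.read"})
    gate.pin_after_review("payments-helper", payments_src, {"payments.write"})
    out = {}
    calendar = gate.load("calendar-sync", calendar_src, {"calendar.read"})
    payments = gate.load("payments-helper", payments_src, {"payments.write"})
    out["clean_load"] = calendar.name
    try:  # one line appended after review changes the digest, so the package is refused
        gate.load("calendar-sync", calendar_src + b"import os\n", {"calendar.read"})
        out["tampered_load"] = "loaded"
    except SkillPolicyError:
        out["tampered_load"] = "rejected"
    try:  # asking for more than the reviewed minimal set is refused as well
        gate.load("calendar-sync", calendar_src, {"calendar.read", "contacts.read"})
        out["overprivileged_load"] = "loaded"
    except SkillPolicyError:
        out["overprivileged_load"] = "rejected"
    out["routine_action"] = gate.execute(calendar, "list_events", needs="calendar.read")
    try:  # a loaded skill still cannot step outside its grant at run time
        gate.execute(calendar, "export_contacts", needs="contacts.read")
        out["ungranted_action"] = "executed"
    except SkillPolicyError:
        out["ungranted_action"] = "denied"
    out["high_risk_unapproved"] = gate.execute(payments, "transfer_funds", needs="payments.write")
    out["high_risk_approved"] = gate.execute(payments, "transfer_funds", needs="payments.write", approved_by="ops-reviewer")
    return out
```

Calling `demo()` shows the intended outcomes: the unmodified package loads, the copy with one extra line is rejected on digest mismatch, the request for `contacts.read` is rejected as excess privilege, the routine calendar action runs, the ungranted export is denied, and the transfer is held until a named reviewer approves it. The digest pin is deliberately tied to the exact bytes a human reviewed, so a dependency update, however benign, must go back through review before it can load.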

"Artificial intelligence security governance requires a global perspective. Countries should strengthen cooperation, jointly develop international security standards and regulatory frameworks, establish threat intelligence sharing mechanisms, and work together to address network risks. Only by building a five-in-one defense system of technical protection, management norms, compliance constraints, user education, and global collaboration can we enjoy the benefits of AI innovation while holding the security bottom line of development," Xiong Minghui said.

Consolidate international consensus and build a long-term security system

The global popularity of OpenClaw marks artificial intelligence's official entry into the era of action. The potential for technological development is enormous, but the safety bottom line cannot be broken, and only a long-term governance system can truly safeguard safe, controllable, and trustworthy development. Governments, international organizations, and the technology community in multiple countries have issued clear statements outlining a path for the safe development of action-oriented AI.

The United Nations Educational, Scientific and Cultural Organization (UNESCO) has released the "2026 International Artificial Intelligence Security Report", establishing a cross-border security baseline for action-oriented AI and promoting mutual recognition of regulation and coordination of standards. The International Organization for Standardization and the International Electrotechnical Commission are jointly advancing the ISO/IEC 27090 standard, to be officially released within the year, which would become the world's first authoritative guide focused on cybersecurity controls for AI systems. The EU stated that it will continue to improve the supporting regulations of the AI Act and strengthen full-lifecycle supervision of action-oriented AI; the United States proposes to establish an action-oriented AI security certification system under which uncertified products may not be sold to the public; China is accelerating the implementation of open-source supply chain security standards, clarifying the responsibilities of developers, platforms, and users, establishing a transparent accountability mechanism, and moving step by step toward unified, standardized global institutional supervision.

In terms of international cooperation, the United Nations has issued multiple joint statements calling on countries to strengthen security cooperation on action-oriented AI and jointly combat cybercrime, data theft, and espionage carried out with AI. G7 and BRICS countries have established a regular security communication mechanism, conduct cross-border joint emergency drills, and are enhancing their collaborative response capabilities. China actively participates in the formulation of global AI governance rules, promotes the formation of a multilateral and transparent governance system, and contributes Chinese solutions and wisdom to the secure development of action-oriented AI worldwide. Experts from many countries have jointly called for action-oriented AI to adhere to ethical bottom lines, to establish a list of unacceptable risks, to ensure that humanity always holds ultimate control, and to ensure that technological development always serves the common interests of humanity.

From technology explosion to risk warning, and from emergency response to long-term governance, the global attention on OpenClaw illustrates the opportunities and challenges of artificial intelligence entering the era of action. The international community has unanimously stated that security is the prerequisite and cornerstone for the innovation and development of artificial intelligence. Only by working together, coordinating government and enterprises, involving the whole of society, strictly holding the security bottom line, improving governance systems, and building international consensus can a genuine security defense line for action-oriented AI be built.
