
China’s industry ministry on Thursday issued a warning that OpenClaw, an open-source AI agent that has surged in global popularity in recent weeks, may pose serious security risks if deployed without proper safeguards, potentially leaving users vulnerable to cyberattacks and data breaches.
The Ministry of Industry and Information Technology said it had identified cases in which OpenClaw was being run with insufficient security configurations. The ministry noted that stronger protective measures were required to mitigate potential risks associated with the platform’s use.
The advisory stops short of imposing a ban on OpenClaw. However, the ministry urged organisations adopting the technology to carry out comprehensive audits of public network exposure and to put in place robust identity authentication mechanisms and access control systems.
OpenClaw has experienced rapid adoption since its launch in November. According to a blog post by its creator, Peter Steinberger, the project has attracted more than 100,000 stars on the code-hosting platform GitHub and recorded 2 million visitors in a single week.
The AI agent has also gained traction among technology users in China, prompting domestic cloud service providers to roll out hosting options to support demand.
Major cloud companies, including Alibaba’s Alicloud, Tencent Cloud and Baidu, have introduced services that allow users to rent remote servers to run OpenClaw, rather than operating it on personal devices, according to information published on their OpenClaw deployment pages.
Renewed scrutiny of the platform followed the recent launch of Moltbook, a social networking service marketed as designed exclusively for OpenClaw bots. Cybersecurity firm Wiz said on Monday that Moltbook contained a significant vulnerability that resulted in the exposure of private data belonging to thousands of individuals.
The ministry’s warning highlights growing regulatory attention on the security implications of rapidly adopted open-source AI tools, particularly as they are increasingly deployed at scale across public networks and commercial cloud environments.




