BEIJING — China’s government agencies and state-owned banks received internal notices in March 2026 barring employees from installing OpenClaw on office devices or corporate networks, according to people familiar with the directives, even as tech giants Tencent, Baidu, and Alibaba simultaneously raced to build commercial products on top of the platform.
The contrast is stark. On March 17, Nvidia CEO Jensen Huang called OpenClaw “absolutely the next ChatGPT” at the company’s GTC conference in San Jose, triggering a rally in Hong Kong-listed AI stocks. At nearly the same moment, at least one Shenzhen developer had already lost ¥12,000 to an API key theft executed through a malicious OpenClaw plugin — a figure confirmed in reports reviewed by multiple outlets but absent from most mainstream coverage of the Nvidia endorsement.
OpenClaw’s Rapid Rise in China
The tool — an autonomous AI agent launched in November 2025 by Austrian programmer Peter Steinberger — does not just answer questions. It executes tasks: booking travel, managing inboxes, running code, autonomously browsing the web. That distinction matters enormously when it comes to risk. Unlike a conventional chatbot, OpenClaw requires what security researchers describe as root-level system permissions to operate, a design feature that dramatically widens the attack surface.
China’s adoption curve has been nearly vertical. Usage by Chinese users has already exceeded that of the United States, according to CNBC, while demand for domestic AI models to power OpenClaw agents has surged. Across Douyin and Xiaohongshu, paid installation services appeared almost overnight, charging between ¥500 and ¥1,000 per setup, with users — including retirees and teenagers — forming lines outside Tencent’s Shenzhen headquarters and Baidu’s Beijing office to get engineers to configure the tool for them.
The Security Warning Beijing Isn’t Publicizing
China’s National Computer Network Emergency Response Technical Team (CNCERT) has now issued two separate warnings about OpenClaw — the second landing on March 10 — with authorities cautioning that improper deployment could allow attackers to steal personal files, payment credentials, and API keys. Officials familiar with the implementation said employees who had already installed related apps were instructed to report this to supervisors for possible removal — a detail buried in the government’s otherwise quiet handling of the directive.
What most coverage of the Nvidia rally doesn’t mention: China’s National Internet Finance Association (NIFA) issued a separate risk notice on March 15 warning that OpenClaw’s automated decision-making capabilities could trigger unauthorized financial transactions and manipulate securities-trading systems. The association said the platform’s default high-system-privilege configurations make it especially dangerous in financial environments — precisely the sector where China’s viral installation frenzy has been most intense.
The Fraud No One Is Counting
Data examined across multiple security disclosures confirms that several medium- and high-severity vulnerabilities have already been publicly listed in OpenClaw’s codebase. CNCERT confirmed that malicious plugins circulating on GitHub as fake OpenClaw variants are actively delivering malware to unsuspecting users.
The practical consequences are real and immediate. Misconfigured deployments have exposed credit card data saved in Chrome browsers, leading to unauthorized charges. The Shenzhen developer’s ¥12,000 API fraud case illustrates a pattern that security researchers say is repeating across the country, yet no central reporting mechanism currently exists to aggregate those losses. Officials declined to provide national fraud figures when contacted.
There is also an operational risk that regulators flagged but few users seem aware of: CNCERT specifically warned that OpenClaw can mistakenly delete important emails or files if it misinterprets a natural-language command. An AI agent that acts — rather than advises — has no undo button.
Corporate Land Grab, Government Blindspot
The corporate race has moved faster than any regulatory framework. Tencent launched QClaw, integrating OpenClaw into WeChat’s ecosystem for autonomous task execution. ByteDance’s cloud unit, Volcano Engine, rolled out ArkClaw. Alibaba launched JVS Claw as a mobile installer. Xiaomi opened a closed beta of MiClaw for smart-home device control. Nvidia announced its own enterprise version, NemoClaw, with a “privacy router” and network guardrails — features conspicuously absent from the consumer versions now installed on millions of personal devices across China.
“OpenClaw opened the next frontier of AI to everyone and became the fastest-growing open source project in history,” Huang said at GTC. His platform, however, comes with guardrails. The versions most Chinese consumers are currently running do not.
The distinction between Nvidia’s enterprise-hardened NemoClaw and the raw, open-source OpenClaw that millions installed through paid strangers on Douyin represents the story that the stock market rally is not pricing in.
What Happens to the Lobster Next
China’s Ministry of Industry and Information Technology has stopped short of an outright ban, instead calling on organizations to conduct thorough audits of any OpenClaw deployments. Whether that guidance reaches the retirees who paid ¥800 to have a stranger configure the software on their personal devices remains an open question — one that regulators have not yet answered publicly.
The NIFA warning specifically advised financial consumers to exercise “extreme caution” when installing OpenClaw on any device used for personal banking or investment services. No removal campaign has been announced. No compensation framework exists for users already defrauded. The lobster craze continues — and for now, so does the fraud.
