After weeks of "raise a lobster" mania — China's colloquial term for running OpenClaw agents, referencing the software's red logo — a growing backlash is emerging as security incidents pile up and authorities tighten restrictions.
The Scale of the Problem
China's National Cybersecurity Alert Center warned that nearly 23,000 OpenClaw users' assets were exposed to the public internet. According to SecurityScorecard, OpenClaw usage in China is "almost double that in the U.S." — making the security exposure particularly significant.
Reports have surfaced of OpenClaw agents deleting emails indiscriminately and making unauthorized credit card purchases. The cybersecurity center warned that users are "highly likely to become priority targets for cyberattack."
Users Pulling Back
Sky Lei, a Chinese user who uninstalled OpenClaw after three days, summarized the growing sentiment: "The risks and the gains are not proportional." While users like 24-year-old Shanghai resident Hu Qiyun praise the tool for saving "at least three hours each day" on job hunting tasks, the security trade-offs are giving many pause.
Government Response
China's Ministry of Industry and Information Technology is developing formal safety standards for AI agents. Restrictions have already been imposed at companies, universities, and state-owned enterprises. The response hasn't been entirely restrictive, however — Shenzhen's Longgang district continues offering up to 5 million yuan ($700,000) in grants for OpenClaw-based startups.
Corporate Integration Continues
Despite the backlash, major Chinese tech companies are pressing ahead. Tencent, Alibaba, Baidu, and ByteDance have all launched OpenClaw-integrated products, and Nvidia CEO Jensen Huang has called it "the most successful open-sourced project in the history of humanity."
The Security Lesson
The situation underscores a fundamental challenge with self-hosted AI agents: most users lack the expertise to properly secure them. Exposed instances, weak authentication, and overly broad permissions create attack surfaces that scale with adoption.
Managed hosting platforms like OpenClaw Launch address these risks by handling security configuration, network isolation, and authentication out of the box — so users can focus on using their agent, not securing it.