Use "Lobster" Agent Cautiously, Multiple Banks Receive Regulatory Guidance

◎Reporter: Wen Ting, Huang Kun

As OpenClaw (also known as “Lobster”) continues to gain popularity, its security issues are drawing increasing attention. On March 15, the China Internet Finance Association issued a risk alert regarding the safe application of OpenClaw in the internet finance industry. Shanghai Securities News learned from multiple institutions that some banks have received relevant risk notices from regulators.

Additionally, some banks have conducted internal self-inspections to remind staff of related risks and remain cautious about OpenClaw. Several experts interviewed stated that OpenClaw is currently not very suitable for enterprise service markets with high security and compliance requirements, and it is unlikely to see widespread deployment in core financial operations in the short term.

Multiple banks received regulatory warnings

“Lobster” is the nickname for the open-source AI agent OpenClaw, named after its red lobster icon. It integrates communication software and large AI models to autonomously perform complex tasks such as file management, email sending and receiving, and data processing on users’ local computers.

Since its emergence, “Lobster” has attracted widespread attention from China’s industry and users, but it also brings security challenges.

On the evening of March 11, the Cybersecurity Threat and Vulnerability Information Sharing Platform of the Ministry of Industry and Information Technology released the “Six Do’s and Six Don’ts” advice for preventing security risks of OpenClaw (Lobster) open-source intelligent agents, highlighting four typical application scenarios with security risks. Notably, it emphasized that financial transaction scenarios mainly face significant risks of erroneous trades or account hijacking.

On March 15, the China Internet Finance Association issued a reminder stating that while OpenClaw can improve work efficiency, its default high system permissions and weak security configurations are easily exploited by attackers, becoming a breach point for stealing sensitive data or illegally controlling transactions, posing serious risks to the industry.

An insider from a joint-stock bank told Shanghai Securities News that they have already received relevant risk alerts from regulators. Another official from a state-owned bank revealed that the company has issued internal risk warnings, prohibiting employees from building or deploying OpenClaw during business operations.

According to a relevant person from a bank’s technology department, regulators have recently issued related risk alerts, and the bank is conducting research and deployment to ensure data security. “The head office will also issue relevant risk warnings to employees within the bank in the future.”

Derived risks should not be overlooked

“OpenClaw is not yet suitable for enterprise service markets with high security and compliance requirements,” said Zhang Xiaoming, Assistant Vice President of Xinghuan Technology. He explained that especially for financial clients, which are subject to strict regulation and process requirements, most systems and applications are physically or permission-isolated. Under these conditions, OpenClaw’s advantages in autonomous task execution, multi-platform integration, and dynamic skill expansion are difficult to fully realize. Therefore, it is not recommended for financial institutions to deploy directly in production environments.

Dong Ximiao, Chief Economist at Zhaolian and Deputy Director of Shanghai Financial and Development Laboratory, told reporters that the financial industry, especially banking, handles massive amounts of customer information and transaction data. For any area involving funds, customer data, and core transactions, security and compliance are fundamental. “Therefore, we won’t see large-scale deployment of OpenClaw in core financial operations in the short term.”

The China Internet Finance Association advises: financial consumers should be extremely cautious when installing OpenClaw on devices used for online banking, securities trading, and payments; institutions should avoid installing OpenClaw on terminals involved in customer information processing, fund operations, risk control reviews, or transaction execution, and should not input sensitive data such as customer financial information, transaction data, or credit approval materials into the agent or connect it to processing chains.

Experts believe that whether OpenClaw is deployed or not is just an individual case; the key issue is the “boundary” of AI applications triggered by such cases. On March 11, the People’s Bank of China held the 2026 Technology Work Conference, explicitly requiring that by 2026, the integration of industry and technology should be deepened, and the development of AI applications in finance should be promoted steadily, safely, and in an orderly manner, to unleash the momentum of digital and intelligent development.

“AI’s ‘efficiency improvement’ and ‘scenario reconstruction’ in the financial system create a contradiction: scenarios are ‘running fast,’ but compliance demands ‘zero tolerance.’” Qi Xiangdong, Chairman of Qi An Xin, told Shanghai Securities News. “‘Running fast’ refers to the rapid deployment of AI in finance, which accelerates scenario implementation and risk exposure simultaneously. ‘Zero tolerance’ means that from risk control and compliance perspectives, banks, securities firms, and insurance companies require higher standards for AI applications. The full deployment of large models in finance demands further upgrades to network and data security systems to avoid crossing compliance red lines,” he explained.

Dong Ximiao believes that future AI agent applications are more likely to start with small-scale testing in low-risk, non-core scenarios such as customer service assistance, document processing, and internal knowledge base retrieval. Then, models will undergo deep modifications and privatization, establishing comprehensive AI governance systems to control risks from the source, and decisions on expanding to core business and scenarios will be made based on circumstances.

In addition to the risks posed by financial institutions deploying AI applications themselves, intelligent agents also provide new tools for illegal activities, and the associated risks should not be underestimated.

The China Internet Finance Association states that criminals may use phrases like “AI stock trading” or “guaranteed profit” to carry out investment scams, exploiting the “Lobster” craze to mass-produce fake financial institution information, inducing the public to download counterfeit apps or transfer money to designated accounts. Moreover, criminals may also use “remote installation” or “remote debugging” as pretexts to gain control of consumers’ devices, planting malicious programs or stealing sensitive financial information. Reports show that AI-related financial scams are rapidly increasing, and the public’s ability to recognize such new types of fraud needs improvement.