Use "Lobster" Agent Cautiously, Multiple Banks Receive Regulatory Guidance

◎Reporter: Wen Ting, Huang Kun

As OpenClaw (also known as “Lobster”) continues to gain popularity, its security issues are drawing increasing attention. On March 15, the China Internet Finance Association issued a risk alert regarding the safe application of OpenClaw in the internet finance industry. Shanghai Securities News learned from multiple institutions that some banks have received relevant risk notices from regulators.

Additionally, some banks have conducted internal self-inspections to remind staff of related risks and remain cautious about OpenClaw. Several experts interviewed stated that OpenClaw is currently not suitable for enterprise service markets with high security and compliance requirements, and it is unlikely to see widespread deployment in core financial operations in the short term.

Multiple banks received regulatory alerts

“Lobster” is the nickname for the open-source AI agent OpenClaw, named after its red lobster icon. It integrates communication software and large AI models to autonomously perform complex tasks such as file management, email sending and receiving, and data processing on users’ local computers.

Since its emergence, “Lobster” has attracted widespread attention from China’s industry sectors and users, but it also brings security challenges.

On the evening of March 11, the Cybersecurity Threats and Vulnerabilities Information Sharing Platform of the Ministry of Industry and Information Technology released “Six Do’s and Six Don’ts” advice on preventing security risks of OpenClaw (Lobster) open-source intelligent agents, highlighting four typical application scenarios with security risks. Notably, financial transaction scenarios pose significant risks of errors or account hijacking.

On March 15, the China Internet Finance Association issued a reminder stating that while OpenClaw can improve work efficiency, its default high system permissions and weak security configurations are easily exploited by attackers, potentially leading to sensitive data theft or illegal transaction manipulation, posing serious industry risks.

An internal source from a joint-stock bank told Shanghai Securities News that they have received relevant risk alerts from regulators. Another official from a state-owned bank revealed that the company has issued internal risk warnings, prohibiting employees from building or deploying OpenClaw during business operations.

According to a related person from a bank’s technology department, regulators have recently issued risk alerts, and the bank is conducting research and deployment to ensure data security. “The head office will also issue relevant risk warnings to employees within the bank in the future.”

Derived risks are also significant

“OpenClaw is not yet suitable for enterprise service markets with high security and compliance requirements,” said Zhang Xiaoming, Assistant Vice President of Xinghuan Technology. He explained that especially in finance, where there are strict regulations and process requirements, most systems and applications are physically or permission-isolated. Under these conditions, OpenClaw’s advantages in autonomous task execution, multi-platform integration, and dynamic skill expansion are limited. Therefore, it is not recommended for financial institutions to deploy it directly in production environments.

Dong Ximiao, Chief Economist at Zhaolian and Deputy Director of Shanghai Financial and Development Laboratory, told reporters that the financial industry, especially banking, handles vast amounts of customer information and transaction data. For any area involving funds, customer data, and core transactions, security and compliance are fundamental. “Therefore, we do not expect widespread deployment of OpenClaw in core financial operations in the short term.”

The China Internet Finance Association advises: financial consumers should be extremely cautious when installing OpenClaw on devices used for online banking, securities trading, and payments; institutions should avoid installing OpenClaw on terminals involved in customer information processing, fund operations, risk control reviews, or transaction execution, and should not input sensitive data such as customer financial information, transaction data, or credit approval materials into the agent or connect it to processing chains.

Experts believe that whether to deploy OpenClaw is a case-by-case decision, but the key issue is the “boundary” of AI application. On March 11, the People’s Bank of China held the 2026 Technology Work Conference, emphasizing the need to deepen industry-technology integration, and to promote AI applications in finance safely, steadily, and prudently, releasing the momentum of digital and intelligent development.

“AI’s impact on the financial system’s ‘efficiency improvement’ and ‘scenario reconstruction’ creates a contradiction: scenarios are advancing rapidly, but compliance demands zero tolerance,” said Qi Xiangdong, Chairman of Qi An Xin. He explained that “advancing rapidly” refers to the quick deployment of AI in finance, which accelerates scenario implementation and risk exposure simultaneously. “Zero tolerance” means that from a risk control and compliance perspective, banks, securities, and insurance firms require higher standards for AI applications. “The full rollout of large models in finance demands further upgrades to network and data security systems to avoid crossing compliance red lines,” Qi added.

Dong Ximiao believes that future AI agent applications are more likely to start with small-scale testing in low-risk, non-core scenarios such as customer service support, document processing, and internal knowledge base retrieval. Then, models will undergo deep transformation and privatization, establishing comprehensive AI governance to control risks from the source, and decisions on expanding to core business and scenarios will be made based on circumstances.

Beyond the risks posed by financial institutions deploying AI applications, intelligent agents also provide new tools for malicious actors, and the associated risks should not be overlooked.

The China Internet Finance Association states that criminals may use phrases like “AI stock trading” or “guaranteed profit” to carry out investment scams, exploiting the popularity of “Lobster” to mass-produce fake financial institution announcements, misleading the public into downloading counterfeit apps or transferring funds to designated accounts. Additionally, criminals may impersonate installation or remote debugging services to gain control of consumer devices, planting malicious programs or stealing sensitive financial information. Reports show that AI-related financial scams are rapidly increasing, and the public’s ability to recognize such new types of fraud needs improvement.

(Edited by: Qian Xiaorui)
