Financial Sector Must Be Cautious About "Lobsters," Internet Finance Association Warns of Four Core Risks

How can AI agents overcome the explainability barrier to serve the financial industry?

The open-source AI agent OpenClaw (commonly known as “Lobster”) has recently seen a continuous rise in downloads and usage. By default, the agent runs with high system permissions and can directly control computer terminals based on natural language commands. The Cybersecurity Threats and Vulnerabilities Information Sharing Platform (NVDB) of the Ministry of Industry and Information Technology and the National Internet Emergency Center (CNCERT) recently issued related security risk alerts.

On March 15, the China Internet Finance Association released a risk warning titled “Security Risks of OpenClaw in Internet Financial Industry” (hereinafter the “Risk Warning”). It states that the online and digital operations of the internet finance industry handle critical sensitive information such as customer funds, assets, accounts, and personal financial data. While OpenClaw can improve work efficiency, its default high system permissions and weak security configurations make it vulnerable to exploitation by attackers. It could become a breach point for stealing sensitive data or illegally controlling transactions, posing serious risks to the industry.

Broadcom Consulting Chief Analyst Wang Pengbo told First Financial that the recent surge of open-source AI agents like OpenClaw is gaining momentum. However, when this wave reaches the financial sector, its adaptability and feasibility face severe challenges. Under strict regulation, high risk, and heavy responsibility, financial institutions must remain highly cautious and avoid blindly following technological trends.

Data and Transactions Are Both at Risk

“The core operations of the financial industry—including credit granting, trading, risk control, and payments—are directly related to fund security, user rights, and system stability. Any technological application must be based on compliance and security as bottom lines. Currently, open-source AI agents emphasize end-to-end automation, but their operational logic fundamentally conflicts with the financial regulatory requirements for explainability, traceability, and human intervention,” Wang said.

The Internet Finance Association pointed out four major risks of OpenClaw in the internet finance industry. First, the risk of fund loss. The warning states that multiple medium- and high-risk vulnerabilities in OpenClaw have been publicly disclosed, and that attackers can gain control of devices by exploiting these vulnerabilities or through prompt injection. Additionally, its plugins (Skills) lack an effective community security review mechanism, and there have been multiple malicious plugin poisoning incidents. In financial scenarios, these risks could be used to steal sensitive information such as online banking passwords, payment keys, and securities trading API credentials, leading to unauthorized fund transfers or transactions and directly causing customer fund losses.

Second, transaction liability risks. The association notes that OpenClaw can autonomously perform multi-step operations, and some users have used it for stock monitoring and investment strategy backtesting. Automated execution may lead to erroneous operations such as unintended fund transfers or purchases of investment products, resulting in actual losses. AI technology is currently not fully explainable, which makes it difficult to determine responsibility for automated financial transactions, and legal liability remains uncertain.

Third, data compliance risks. OpenClaw has a persistent memory function, and data generated during operation is stored locally in session records and memory files. When it calls large model APIs or performs other operations, relevant data may be transmitted to third parties.

The association emphasizes that internet financial scenarios involve highly sensitive data such as credit reports, loan approval materials, and transaction records. Once this data enters the AI processing chain, its access scope and retention period may exceed necessary limits for the original business purpose, raising compliance risks in financial data management.

Fourth, new scam risks. The association warns that malicious actors may use phrases like “AI stock trading” or “guaranteed profit” to carry out investment scams, exploiting the “Lobster” hype to mass-produce false information from financial institutions, misleading the public into downloading fake apps or transferring funds to designated accounts. Furthermore, scammers may pose as technicians offering “installation assistance” or “remote debugging” to gain control of consumer devices, planting malware or stealing sensitive financial information. Reports show a rapid increase in AI-related financial fraud cases, and the public’s ability to recognize such new scams needs improvement.

Exercise Caution When Installing and Beware of Scams

In response to these risks, the China Internet Finance Association offers four prevention suggestions.

First, financial consumers are advised to be extremely cautious about installing OpenClaw on devices used for online banking, securities trading, or payments. If installation is necessary, they should not grant it system operation permissions related to financial services, should promptly follow up on OpenClaw vulnerability fixes, should strictly control plugin installations, and should avoid entering sensitive information such as ID numbers, bank card numbers, or passwords during use. Additionally, since such applications continuously call large model APIs during operation, they may incur high token costs, so users should monitor usage closely.

Second, consumers are warned to be highly vigilant against scams promising “virtual shrimp farming,” “AI stock trading,” or “guaranteed profits.” All transfer or investment operations should be conducted through official channels, and users should not trust anyone who offers to “install on your behalf” or “perform remote debugging” as a way to access personal devices.

Third, institutions are advised not to install OpenClaw on devices involved in handling customer information, fund operations, risk control, or transaction execution, and not to input sensitive data such as customer financial information, transaction data, or loan approval materials into the agent or connect it to processing chains.

Fourth, organizations are advised to incorporate the security management of AI agents like OpenClaw into their overall information security framework and to conduct specialized security training for staff to improve their ability to identify and prevent risks associated with such applications.

Wang Pengbo believes that open-source AI agents are not without value to the financial industry. Their greatest advantage lies in reducing costs and increasing efficiency, especially in automating repetitive, rule-based auxiliary tasks. For AI agents to truly penetrate core financial scenarios, several key thresholds must be crossed: achieving algorithm explainability and traceability to eliminate black-box issues; establishing clear responsibility and accountability mechanisms; building data compliance and privacy protection systems aligned with financial standards; and maintaining human intervention rights with circuit breakers to prevent irreversible risks.

(This article is from First Financial)
