Use "Lobster" Agent Cautiously, Multiple Banks Receive Regulatory Guidance


(Source: Qianlong.com)

As OpenClaw (also known as “Lobster”) continues to gain popularity, security concerns are drawing attention. On March 15, the China Internet Finance Association issued a risk alert regarding the safe application of OpenClaw in the internet finance industry. Shanghai Securities News learned from multiple institutions that some banks have received relevant risk notices from regulators.

Additionally, some banks have conducted internal self-inspections to remind staff of related risks and remain cautious about OpenClaw. Several experts interviewed stated that OpenClaw is currently not suitable for enterprise service markets with high security and compliance requirements, and large-scale adoption in core financial operations is not expected in the short term.

Multiple banks received regulatory notices

“Lobster” is the nickname for the open-source AI agent OpenClaw, named after its red lobster icon. It integrates communication software and large AI models to autonomously perform complex tasks such as file management, email sending and receiving, and data processing on users’ local computers.

Since its emergence, “Lobster” has attracted widespread attention from China’s industry and users, but it also brings security challenges.

On the evening of March 11, the Cybersecurity Threats and Vulnerabilities Information Sharing Platform of the Ministry of Industry and Information Technology released its “Six Do’s and Six Don’ts” advice for preventing security risks from the OpenClaw (Lobster) open-source intelligent agent, highlighting four typical application scenarios that carry security risks. Notably, financial transaction scenarios pose significant risks of erroneous operations or account hijacking.

On March 15, the China Internet Finance Association issued a reminder stating that while OpenClaw can improve work efficiency, its default high system permissions and weak security configurations are easily exploited by attackers, potentially leading to sensitive data theft or illegal transaction manipulation, posing serious industry risks.

An internal source at a joint-stock bank told Shanghai Securities News that the bank has received relevant risk alerts from regulators. An official at a state-owned bank revealed that the bank has issued internal risk warnings prohibiting employees from deploying OpenClaw on their own or using it in business operations.

According to a related person from a bank’s technology department, regulators have recently issued risk alerts, and the bank is conducting research and deployment to ensure data security. “The head office will also issue relevant risk warnings to employees within the bank in the future.”

Derivative risks are also significant

“OpenClaw is not yet suitable for enterprise service markets with high security and compliance requirements,” said Zhang Xiaoming, Assistant Vice President of Xinghuan Technology. He explained that for financial clients in particular, who face strict regulatory and process requirements, most systems and applications are isolated physically or by permissions. Under these conditions, OpenClaw’s advantages in autonomous task execution, multi-platform integration, and dynamic skill expansion are limited, so he does not recommend that financial institutions deploy it directly in production environments.

Dong Ximiao, Chief Economist at Zhaolian Financial and Deputy Director of Shanghai Financial and Development Laboratory, told reporters that the financial industry, especially banks, handles massive amounts of customer information and transaction data. For any area involving funds, customer data, and core transactions, security and compliance are fundamental. “Therefore, we do not expect large-scale deployment of OpenClaw in core financial operations in the short term.”

The China Internet Finance Association advises: financial consumers should be extremely cautious when installing OpenClaw on devices used for online banking, securities trading, and payments; institutions should avoid installing OpenClaw on devices involved in customer information processing, fund operations, risk control reviews, or transaction execution, and should not input sensitive data such as customer financial information, transaction data, or credit approval materials into the agent or connect it to processing chains.

Experts believe that whether to deploy OpenClaw is a case-by-case decision, but the key issue is the “boundary” of AI applications. On March 11, the People’s Bank of China held the 2026 Technology Work Conference, explicitly requiring that by 2026, the integration of industry and technology should be deepened, and AI applications in finance should be promoted in a safe, steady, and orderly manner, releasing the momentum of digital and intelligent development.

“AI has created a contradiction between ‘efficiency improvement’ and ‘scenario reconstruction’ in the financial system: scenarios are advancing rapidly, but compliance requires zero tolerance,” said Qi Xiangdong, Chairman of Qi An Xin. He explained that “running fast” refers to the rapid deployment of AI applications in finance, which accelerates scenario implementation and risk exposure simultaneously. “Zero tolerance” means that from a risk control and compliance perspective, banks, securities, and insurance institutions demand higher standards for AI applications. “The widespread adoption of large models in finance requires financial institutions to upgrade their network and data security systems to avoid crossing compliance red lines,” Qi added.

Dong Ximiao believes that future AI agent applications are more likely to start with small-scale testing in low-risk, non-core scenarios such as customer service, document processing, and internal knowledge base retrieval. Then, models will undergo deep transformation and privatization, establishing comprehensive AI governance to control risks from the source, and decisions on expanding to core business and scenarios will be made based on circumstances.

Beyond the risks that financial institutions take on by deploying AI applications, intelligent agents also hand malicious actors new tools, and the associated risks should not be underestimated.

The China Internet Finance Association states that criminals may use phrases like “AI stock trading” or “guaranteed profit” to carry out investment scams, and exploit the popularity of “Lobster” to mass-produce fake financial institution announcements, tricking the public into downloading counterfeit apps or transferring funds to designated accounts. Additionally, criminals may impersonate installation or remote debugging services to gain control of consumer devices, implant malicious programs, or steal sensitive financial information. Reports show that AI-related financial scams are rapidly increasing, and the public’s ability to recognize such new types of fraud needs improvement.
