Use "Lobster" Agent Cautiously, Multiple Banks Receive Regulatory Guidance

◎ Reporter: Wen Ting, Huang Kun

As OpenClaw (also known as “Lobster”) continues to gain popularity, its security issues are drawing increasing attention. On March 15, the China Internet Finance Association issued a risk alert regarding the safe application of OpenClaw in the internet finance industry. Shanghai Securities News learned from multiple institutions that some banks have received relevant risk notices from regulators.

Additionally, some banks have conducted internal checks and reminders about related risks, adopting a cautious attitude toward OpenClaw. Several experts interviewed stated that OpenClaw is currently not very suitable for enterprise service markets with high security and compliance requirements, and it is unlikely to see widespread implementation in core financial operations in the short term.

Multiple banks received regulatory notices

“Lobster” is the nickname for the open-source AI agent OpenClaw, named after its red lobster icon. It integrates communication software and large AI models to autonomously perform complex tasks such as file management, email sending and receiving, and data processing on users’ local computers.

Since its emergence, “Lobster” has attracted widespread attention from China’s industry and users, but it also brings security challenges.

On the evening of March 11, the Cybersecurity Threat and Vulnerability Information Sharing Platform of the Ministry of Industry and Information Technology released a “Six Do’s and Six Don’ts” advice on preventing security risks of OpenClaw (Lobster) open-source intelligent agents, highlighting four typical application scenarios with security risks. Notably, financial transaction scenarios pose significant risks of errors or account hijacking.

On March 15, the China Internet Finance Association issued a reminder stating that while OpenClaw can improve work efficiency, its default high system permissions and weak security configurations are easily exploited by attackers, becoming a breach point for stealing sensitive data or illegally controlling transactions, posing serious risks to the industry.

An insider from a joint-stock bank told Shanghai Securities News that they have already received relevant risk alerts from regulators. Another official from a state-owned bank revealed that the company has issued internal risk warnings, prohibiting employees from self-deploying or deploying OpenClaw during business operations.

According to a related person from a bank’s technology department, regulators have recently issued relevant risk alerts, and the bank is conducting research and deployment to ensure data security. “The head office will also issue relevant risk warnings to employees within the bank in the future.”

Derived risks are also significant

“OpenClaw is not yet suitable for enterprise service markets with high security and compliance requirements,” said Zhang Xiaoming, Assistant Vice President of Xinghuan Technology. He explained that especially for financial clients, which are subject to strict regulation and process requirements, most systems and applications are physically or permission-isolated. Under these circumstances, OpenClaw’s advantages such as autonomous task execution, multi-platform integration, and dynamic skill expansion are limited. Therefore, it is not recommended for financial institutions to deploy directly in production environments.

Dong Ximiao, Chief Economist at Zhaolian Financial and Deputy Director of Shanghai Financial and Development Laboratory, told reporters that the financial industry, especially banking, handles vast amounts of customer information and transaction data. For any area involving funds, customer data, and core transactions, security and compliance are fundamental. “Therefore, we do not expect widespread adoption of OpenClaw in core financial operations in the short term.”

The China Internet Finance Association advises: financial consumers should be extremely cautious when installing OpenClaw on devices used for online banking, securities trading, and payments; institutions should avoid installing OpenClaw on devices involved in handling customer information, fund operations, risk control reviews, or transaction execution, and should not input sensitive data such as customer financial information, transaction data, or credit approval materials into the agent or connect it to processing chains.

According to experts, whether to deploy OpenClaw is a case-by-case decision, but the key issue is the “boundary” of AI applications. On March 11, the People’s Bank of China held the 2026 Technology Work Conference, explicitly requiring that by 2026, the integration of industry and technology should be deepened, and the development of AI applications in finance should be promoted in a steady, safe, and orderly manner to unleash digital and intelligent development momentum.

“AI’s impact on the financial system’s ‘efficiency improvement’ and ‘scenario reconstruction’ creates a contradiction: scenarios are ‘moving fast,’ but compliance demands ‘zero tolerance,’” said Qi Xiangdong, Chairman of Qi An Xin, in an interview with Shanghai Securities News. “Moving fast” refers to the rapid deployment of AI in finance, which accelerates scenario implementation and risk exposure simultaneously. “Zero tolerance” means that from a risk control and compliance perspective, banks, securities, and insurance institutions require higher standards for AI applications. “The full deployment of large models in the financial industry requires further upgrading of network and data security systems to avoid crossing compliance red lines,” Qi added.

Dong Ximiao believes that future AI agent applications are more likely to start with small-scale testing in low-risk, non-core scenarios such as customer service assistance, document processing, and internal knowledge base retrieval; then, models will undergo deep transformation and privatization deployment, establishing comprehensive AI governance to control risks from the source, and then decide whether to expand to core business and scenarios based on circumstances.

In addition to the risks posed by financial institutions deploying AI applications themselves, intelligent agents also provide new tools for illegal activities, and the associated risks should not be underestimated.

The China Internet Finance Association states that criminals may use phrases like “AI stock trading” or “guaranteed profit” to carry out investment scams, exploiting the popularity of “Lobster” to mass-produce fake financial institution announcements, misleading the public into downloading counterfeit apps or transferring funds to designated accounts. Furthermore, criminals may impersonate installation or remote debugging services to gain control of consumer devices, planting malicious programs or stealing sensitive financial information. Reports show that AI-related financial fraud cases are increasing rapidly, and the public’s ability to recognize such new scams needs to be improved.

(Edited by: Qian Xiaorui)

Keywords: