Author: Deng Tong, Golden Finance

In the spring of 2026, not only are there wars in the Middle East and soaring oil prices, but also a lobster stirring the waters of the AI track.

On January 24, OpenClaw climbed to the front page of Hacker News and topped the hot list TOP1, becoming a pivotal moment of its explosive popularity. On January 30, OpenClaw completed brand unification, officially named, and established a red lobster logo. From February to March, domestic tech giants followed up with one-click deployment, offline experience queues, and the topic fermented across the internet, making OpenClaw widely popular.

However, just as the lobster became popular across the country, the "naked" lobster raised various concerns among people. From "farming lobsters" to "killing lobsters," in just a few days, the mood shifted dramatically, with discussions starting on the security boundaries of AI entities...

1. From "Farming Lobsters" to "Killing Lobsters"

OpenClaw is essentially an open-source AI Agent framework, first released by Austrian developer Peter Steinberger. It allows users to create a "self-governing agent" that can call large models, access file systems, connect to external applications, and execute tasks.

Unlike traditional chatbots, OpenClaw is not a simple "Q&A AI," but an AI assistant capable of performing actual operations.

Many technology companies have begun to build application scenarios based on OpenClaw, and some cities have even introduced subsidy policies to attract related startup projects:

• Wuxi High-tech Zone published "Several Measures to Support the Integration of OpenClaw and Other Open Source Community Projects with the OPC Community (Draft for Comments)," with 12 "farming lobster" policies, ranging from basic support to industrial implementation, from talent introduction to safety compliance, with individual support reaching up to 5 million yuan. A subsidy of up to 1 million yuan is provided for local cloud platforms that offer free deployment and development toolkits.

• Hefei High-tech Zone released the "Action Plan for Building an AI OPC Entrepreneurial Ecosystem Demonstration Zone in Hefei (Draft for Comments)," introducing 15 hardcore measures to fully support the landing and deep cultivation of OpenClaw and other open-source AI projects, aiming to establish a new business model benchmark of "AI + Super Individual/One-Person Company (OPC)." Hefei High-tech Zone has prepared a luxurious package of "space + talent + computing power + scenarios + capital," offering funding support of up to 10 million yuan.

• Nanjing Xixia District and Jiangning District issued special support policies for OPC×OpenClaw. Xixia District released "Several Measures to Support the Integration of OpenClaw and Other Open Source AI Smart Tools with the OPC Community," providing corresponding amounts of free computing resources and subsidies for domestic leading model API calling fees to developers entering the OPC community, supporting hourly or daily rental of "elastic computing power," thus reducing initial technical costs. The OPC community located in the Zijinshan Science and Technology City in Nanjing Jiangning Development Zone—"Zijin Star" launched a special policy of "six lobster measures," providing subsidies of up to 30% of the billing amount for renting AI computing resources for development applications, with a maximum of 2 million yuan annually in computing vouchers for the same user.

For a time, "farming a lobster" even became a new trend in the AI community.

But the good times didn't last long, as the hidden dangers of the "lobster" caught the industry's attention.

Many users, during the deployment process, accidentally exposed control interfaces directly to the public internet. OpenClaw by default provides control services through port 18789, and if strict identity verification is not set, any network scanning tool can easily locate it. Once these interfaces are connected by attackers, they can directly take control of an AI agent with the highest system permissions. The tool originally designed to provide convenience suddenly becomes a springboard for others to control your computer or server.

On March 10, Zhou Hongyi further discussed the development and risks of the AI era via his personal account, bluntly stating: "Farming OpenClaw also presents a series of data security issues; sometimes it hallucinates and may delete all files in your C drive." He pointed out that currently, most units' self-developed large models are still in the "chatbot" stage, with a significant gap from truly operational intelligent agents, requiring compound talents who understand both technology and business to drive AI implementations.

On March 11, the Ministry of Industry and Information Technology's Cybersecurity Threat and Vulnerability Information Sharing Platform (NVDB) organized AI agent providers, vulnerability collection platform operators, cybersecurity enterprises, etc., to propose suggestions titled "Six Musts and Six Must Nots." Among them, it mentioned that financial transaction scenarios primarily pose significant risks of erroneous trades or even account takeover. Countermeasures include: implementing network isolation and the principle of least privilege, shutting down unnecessary internet ports; establishing manual review and emergency cutoff mechanisms, increasing secondary confirmations for critical operations; strengthening supply chain audits, using official components, and regularly fixing vulnerabilities; ensuring full-chain audits and security monitoring to timely discover and address security risks.

A maintainer of OpenClaw, Shadow, warned on Discord: "If you can’t even use the command line, then this project is too dangerous for you to use safely."

A quick search online reveals various "killing lobster" guides, with phrases like "uprooting" and "lobster remnants" popping up continuously, reflecting a rapid shift in attitude from "farming a lobster" to "killing a lobster" under the shadow of security risks.

2. What Issues Exist with OpenClaw

1. Excessive Permissions, Information Leakage

OpenClaw needs access to a large number of sensitive permissions, such as emails, local files, API keys, and enterprise data; any improper configuration can pose significant risks. The agent could execute deletion or modification of files, call paid APIs, automatically send emails, access internal enterprise data, among other issues. Security researchers have indicated that malware referred to as "information stealers" can copy the installation files of OpenClaw connected to emails and other services. If attackers gain access to this information, they may directly control the user's OpenClaw.

Many users also connect OpenClaw to enterprise data or personal information, which creates further risks of information leakage.

2. High Costs

OpenClaw itself is open-source and free, but it does not come with models; instead, it connects to external language models provided by suppliers such as OpenAI, Anthropic, and Google. Each AI inference incurs costs. Therefore, each conversation, each automated step, and every decision made by OpenClaw triggers an API call to one of these models, with each call incurring expenses.

The costs of OpenClaw range from about $6 to over $200 monthly, depending on the system's deployment method and operational intensity.

Specifically, the total cost of running OpenClaw depends on VPS resource allocation, the type of large model connected, the frequency of automation triggers, and the scale of the workflow. Most individual users spend between $6 and $13 monthly, small teams typically spend $25 to $50, medium to large teams spend between $50 and $100 monthly, and highly automated setups that process thousands of AI interactions daily could incur over $100 a month.

3. Lack of Security Review

Employees deploy OpenClaw on company devices using single-line installation commands. There’s no approval process, no security review, and the Security Operations Center (SOC) cannot monitor it. This represents one of the most dangerous forms of shadow AI, with 63% of organizations that have suffered AI-related security vulnerabilities lacking AI governance policies. This means that enterprise security operations often cannot monitor the activities of these AI agents at all. If an agent is attacked or misconfigured, it could become a potential vulnerability within the enterprise network.

4. Presence of Hallucinations

Unlike ordinary chatbots, AI Agents can automatically perform tasks. Research shows that AI Agents are more prone to "circular reasoning" issues in complex tasks. Once an AI Agent hallucinates, it could lead to infinite looping tasks, frequent API calls, automatic execution of erroneous operations, server resources being exhausted, and other issues.

3. Reflections Triggered by a Lobster

OpenClaw is the first lobster to emerge from the AI wave. Although it has many issues, this lobster represents the future of artificial intelligence.

In the past few years, the wave of artificial intelligence has been ignited by ChatGPT, with its core capabilities centered around conversation and content generation; then, it transitioned into the Copilot era, focusing on office assistance and efficiency enhancement; and now we are in the era of AI agents, emphasizing autonomous task execution. Under the model of OpenClaw, AI will automatically complete a series of complex steps: understanding tasks, breaking down goals, calling tools, integrating information, and finally completing the tasks. Users no longer need to operate software; they only need to describe their goals, while AI is responsible for breaking down tasks and calling tools to complete them. Although there are security risks involved, this also marks a new round of transformation in human-computer interaction and the AI wave.

Different from traditional AI software, AI agents have higher autonomy when executing tasks. If the system is attacked, permissions are misconfigured, or models hallucinate, it may lead to erroneous operations or even security risks. This is why, while OpenClaw is gaining popularity, it has also sparked extensive discussions concerning security and governance.

Security concerns are temporary; the refinement and development of AI agents are inevitable trends. Just as numerous conversation and content generation software emerged following the launch of ChatGPT, a large number of AI agents will also emerge after the advent of OpenClaw.

In the future, perhaps we will usher in an era where everyone "farms lobsters." Lobsters are indeed delicious, but while enjoying the AI feast, we must first learn how not to get pinched.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。