"Raising Crayfish" Crisis: China Restricts OpenClaw AI Following Critical Vulnerabilities

The Chinese Ministry of Industry and Information Technology (MIIT) and the National Computer Network Emergency Response Technical Team (CNCERT) have issued a series of high-priority security alerts regarding the autonomous AI agent OpenClaw. Known affectionately among Chinese tech enthusiasts as the "AI Lobster" (or "Crayfish") due to its distinctive red logo, the software has moved from a viral sensation to a national security concern in a matter of weeks.

The warnings, published on March 10, 2026, follow the discovery of over 40,000 exposed OpenClaw instances on the public internet, with researchers estimating that more than 60% are vulnerable to immediate takeover. The highest density of these exposed instances was located in China, followed by the US and Singapore.

The Rise and Risk of Autonomous Agents

OpenClaw is an open-source framework that allows large language models (LLMs) to operate computers autonomously. Unlike traditional chatbots, OpenClaw can read local files, execute system commands, and interact with third-party messaging apps like Telegram and WhatsApp.

This deep level of integration is precisely what triggered the MIIT alert. Because the software requires high-level system permissions to function, any security breach gives an attacker "super-user" control over the host machine.

Critical Flaw: The "ClawJacked" Vulnerability

The primary driver for the recent government restrictions is a high-severity flaw dubbed "ClawJacked." The technical nature of the vulnerability involves a failure in how the OpenClaw gateway handles local connections:

• Localhost Exploitation: The gateway was found to trust all traffic from "localhost" without proper authentication.
• Silent Hijacking: A malicious website visited by a user could use hidden JavaScript to brute-force the gateway password and register a new "trusted device" silently in the background.
• Outcome: Without any user interaction or visible warning, a remote attacker could gain full access to the AI agent’s logs, API keys, and local file system.

Government and Sector Response

In response to the "ClawJacked" threat and broader supply-chain risks found in the "ClawHub" plugin marketplace, the Chinese government has taken decisive action:

1. State Sector Ban: Bloomberg and local financial news outlets report that government agencies and major state-owned banks have received internal notices prohibiting the installation of OpenClaw on official devices.
2. MIIT Mandate: The Ministry has ordered critical infrastructure operators to immediately audit their networks and close all public-facing ports associated with the software.
3. Local Subsidies Frozen: In districts like Shenzhen's Longgang, where "OpenClaw Farming" was recently being subsidized with up to 2 million yuan, authorities are now pivoting toward "domestic adaptation certification" to ensure future deployments are secure.

The OpenClaw development team has moved quickly to release patches, and version 2026.2.25 is currently recommended as the minimum secure build. However, CNCERT warns that many users continue to run vulnerable, unpatched versions in "Shadow IT" environments outside of corporate oversight.