China's Ministry of Industry and Information Technology (MIIT) has issued a security alert for OpenClaw, an open-source AI agent gaining rapid traction among developers and businesses. The warning, published on February 5, 2026, highlights vulnerabilities that could expose users to cyberattacks and data breaches if configurations are mismanaged.
OpenClaw, which allows private deployment of AI assistants with persistent memory and proactive task execution, has seen explosive growth since its November 2025 launch. Its GitHub repository surpassed 100,000 stars last month, while Chinese cloud giants Alibaba, Tencent, and Baidu now offer dedicated hosting services for the platform.
The National Vulnerability Database (NVDB) identified risks stemming from unclear trust boundaries during deployment, autonomous decision-making protocols, and insufficient access controls. 'Continuous operation without proper auditing could enable hostile takeovers or prompt-induced misuse,' the advisory stated, urging organizations to review network exposure and strengthen encryption.
Recent incidents have amplified concerns. Cybersecurity firm Wiz revealed on February 2 that Moltbook—a social network exclusively for OpenClaw bots—had exposed private data of thousands due to a configuration flaw. MIIT recommends disabling unnecessary public access and implementing multi-layered authentication systems.
While OpenClaw's local deployment model initially appealed to privacy-conscious users, its integration with third-party cloud services has created new attack vectors. Analysts suggest the alert reflects broader efforts to balance AI innovation with national cybersecurity priorities in the Chinese mainland.
