"Shrimp farming" is booming, but safety concerns are emerging: Is China's "lobster" defense strong enough?
21st Century Business Herald Reporter Zhang Chi
“Raising Lobsters” has been a “phenomenal” topic over the past two weeks. The open-source intelligent agent OpenClaw, dubbed “lobster,” has successfully broken into the mainstream with its impressive capabilities. Meanwhile, incidents like the deletion of Meta Security Director’s emails due to OpenClaw going out of control have brought the previously industry-only discussion of AI agent security and privacy into the spotlight. Security concerns around “raising lobsters” have become a public pain point, with some users choosing to uninstall and withdraw.
Recently, the Ministry of Industry and Information Technology, the National Internet Emergency Center, and the National Industrial Information Security Development Research Center issued risk alerts. Without effective permission control strategies or security audit mechanisms, OpenClaw could cause system failures, sensitive information leaks, and other security risks.
Recently, major domestic tech companies have launched their own “lobster” products. By implementing data isolation, security tools, minimal authorization, and rollback of erroneous operations, they aim to improve the security of “raising lobsters.” Experts advise that enterprise users deploying “lobsters” should pay particular attention to actual needs and build a secure environment.
Gorilla picks up an AK-47—how does domestic “lobster” defend itself?
Elon Musk recently posted a picture on social media of handing an AK-47 to a chimpanzee, symbolizing the potential risks of humans using OpenClaw.
Not long ago, Meta’s security director, while using OpenClaw to clean out emails, discovered it ignored security instructions like “do not operate without approval,” and tried to stop it three times without success. Eventually, all work emails were deleted, resulting in heavy losses.
According to China's National Vulnerability Database (CNNVD), from January 2026 to March 9, 2026, a total of 82 OpenClaw vulnerabilities were collected, including 12 critical and 21 high-risk vulnerabilities, involving access control errors, coding issues, and other types.
As the “raising lobsters” community expands from technical personnel to ordinary “newbies,” and even enterprise deployments, security concerns about OpenClaw are becoming very tangible. For example, can users clearly understand the steps and logic of OpenClaw’s operation? Can OpenClaw accurately determine which information is personal privacy? When deploying in enterprises, is there full-chain traceability and rollback capability?
Regarding solutions to open-source OpenClaw security issues, Liu Sen, head of security products at Volcano Engine, mentioned in an interview that ArkClaw enhances security through mechanisms such as private access points, clear boundary access, trusted tool sources, minimal authorization, and high-risk operation review.
Specifically, ArkClaw enforces strict user access verification and stores all user data in isolated environments to prevent external intrusion; any third-party skill must pass security checks before it can be used; and high-risk sensitive operations require secondary confirmation from the user, among other measures.
Cloud-based “raising lobsters” is suitable for “getting started first”
Currently, major domestic tech companies like Volcano Engine, Tencent, Zhipu, and MiniMax have launched their own “lobster” products. They use methods such as mandatory certification, access restrictions, and minimal permissions for collaborative protection. Deployment strategies focus on two routes: cloud-hosted ready-to-use solutions and local deployment for personalized control.
Professor Shen Yang of Tsinghua University’s School of Artificial Intelligence told 21st Century Business Herald that, whether running locally or on the cloud, the two modes are not inherently good or bad but differ fundamentally in risk characteristics and management approaches. Cloud deployment makes standard monitoring and operation-maintenance loops easier and is suitable for platformization and enterprise services; however, data, decision-making, and execution depend heavily on the service provider. Local deployment, while weaker in computing power, model update speed, and unified operation, offers advantages in offline availability and auditability. Cloud is suitable for “getting started first,” while local deployment is better for “serious product development.” The future trend will be an integrated edge-cloud approach.
Regarding the “accidental file deletion” incident with OpenClaw, Tian Taotao, head of cloud infrastructure products at Volcano Engine, said ArkClaw can recover by rolling back operation steps in the cloud. Through transparent full-chain auditing, it can identify whether deletions were caused by normal commands, external intrusion, AI hallucinations, or poisoning. The behavior chain related to accidental deletions can be recorded locally, with the input and output of each interaction logged, which helps trace and correct the original error.
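The incident described earlier turned on an instruction the agent was free to ignore; minimal authorization, secondary confirmation, per-call audit records and rollback only hold when they are enforced in the layer that executes tool calls. The following Python is an added example, not ArkClaw or OpenClaw code; the `ToolGate` class, the tool names and the in-memory mailbox are hypothetical.

```python
import time

ALLOWED = {"list_emails", "delete_email"}   # minimal authorization (assumed grant set)
HIGH_RISK = {"delete_email"}                # assumed classification of destructive tools

class Denied(Exception):
    """Raised when the gate refuses a tool call."""

class ToolGate:
    """Sits between the agent and its tools, so a prompt cannot override it."""

    def __init__(self, inbox, approve):
        self.inbox, self.trash = dict(inbox), {}
        self.approve = approve   # out-of-band human confirmation callback
        self.audit = []          # one record per attempted call

    def call(self, tool, **args):
        rec = {"ts": time.time(), "tool": tool, "args": args, "outcome": "error"}
        try:
            if tool not in ALLOWED:
                raise Denied("tool not granted")
            if tool in HIGH_RISK and not self.approve(tool, args):
                raise Denied("user did not confirm")
            rec["output"] = getattr(self, "_" + tool)(**args)
            rec["outcome"] = "ok"
            return rec["output"]
        except Denied as exc:
            rec["outcome"], rec["output"] = "denied", str(exc)
            raise
        finally:
            self.audit.append(rec)   # input and output logged even on refusal

    def _list_emails(self):
        return sorted(self.inbox)

    def _delete_email(self, msg_id):
        self.trash[msg_id] = self.inbox.pop(msg_id)   # soft delete keeps rollback possible
        return "moved to trash"

    def rollback(self):
        """Restore every successfully deleted message, newest first."""
        restored = []
        for rec in reversed(self.audit):
            mid = rec["args"].get("msg_id")
            if rec["tool"] == "delete_email" and rec["outcome"] == "ok" and mid in self.trash:
                self.inbox[mid] = self.trash.pop(mid)
                restored.append(mid)
        return restored
```

The audit list doubles as the rollback journal, which is why denied and failed calls are recorded alongside successful ones.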
Will privacy be leaked when raising lobsters on the cloud? Tian Taotao explained that cloud deployment security relies on virtual networks and key management isolation. Personal information is encrypted before using cloud resources, and cloud administrators do not have access to plaintext data.
However, users should always maintain security awareness when using any service. Even on the cloud, attention to account security, data classification, and behavior authorization is necessary.
Letting “lobsters” handle any task done more than twice
Because of immature technology, a lack of security mechanisms, and high usage costs, social platforms have recently seen a “withdrawal” phenomenon, with many ordinary users uninstalling after trying it out.
360 founder Zhou Hongyi previously criticized OpenClaw for its “high installation threshold, inconvenient operation for ordinary users, and currently only capable of ‘high-end’ tasks,” which are far from serving daily life.
ArkClaw requires no complex configuration; it can be used directly via a web page, making it a cloud SaaS version of OpenClaw.
In practical use, “ordinary people can turn any task they need to do more than twice into a skill, and let ArkClaw execute it,” Tian Taotao said. Examples include creating a scheduled bot to collect and summarize information; e-commerce companies can use it for office work, customer service, and similar tasks, such as having the AI answer questions in group chats while learning from the group's information to evolve itself.
He emphasized that the future trend is very clear: long-term token prices will definitely decline, and everyone will have many digital employees.
Currently, many local governments are introducing policies to encourage “raising lobsters.” Feishu CEO Xie Xin previously emphasized that while the capabilities of agents are exciting, the security baseline determines whether they can truly enter work scenarios.
Professor Shen Yang reminded individual users that the current risks of OpenClaw remain high; installing and using it is akin to “mindlessly trusting,” and without data isolation, accidents are very likely.
Liu Sen pointed out that enterprise users should pay attention to building a secure lobster environment and also develop a secure skills marketplace, MCP toolset, and more.