← Back to stories Close-up of a two-wheeled mini robot on a wooden floor with sneakers in background.
Photo by Kindel Media on Pexels
虎嗅 2026-03-11

The first batch of "lobster" victims has emerged

"Lobsters" burn tokens — and cash

The first wave of users running OpenClaw-style open-source AI agents — now nicknamed “lobsters” — are discovering a painful bill. OpenClaw itself does not host a large model; it orchestrates them. That means every search, code edit or automated workflow the agent performs triggers multiple API calls to underlying models and multiplies token consumption. Who pays for that work? The human operator does — and it has been reported that some early adopters woke to four- and five-figure bills after only days of use, sometimes because API keys were stolen or misconfigured.

Reportedly, a Shenzhen programmer received a three-day bill after an API key theft that drew down roughly ¥12,000 in token charges; a big-data engineer said a single evening of casual queries consumed one million tokens and left him facing arrears. Users and developers compare current costs to the early mobile data era: expensive, unpredictable and easy to exceed. Part of the problem is architectural: agents decompose tasks into many micro-steps, each requiring multiple rounds of model interaction, so an ostensibly simple job can cost multiples or even hundreds of times more tokens than a straight chat session.

Policy, markets and security collide

Local governments are racing to ride the wave: Suzhou Changshu has proposed up to ¥6 million in support for one-person firms using OpenClaw in production, Shenzhen’s Longgang district launched a package nicknamed the “lobster ten measures,” and Wuxi’s high-tech zone has floated project grants up to ¥5 million. Markets have already reacted — it has been reported that MiniMax’s shares jumped following a string of product releases and that Zhipu (智谱) and other model vendors saw spikes in usage and valuation after agent tools hit the mainstream. OpenRouter data reportedly showed Chinese models’ weekly token calls rising sharply and briefly surpassing U.S. volumes, with several domestic models occupying top spots in global call rankings.

But the surge has prompted official pushback. China’s Ministry of Industry and Information Technology warned that OpenClaw instances with default or improper configurations pose high security risks, including network attacks and data leakage. Security scans by firms such as Censys reportedly found more than 30,000 OpenClaw instances exposed on the public internet without authentication. There are also operational hazards: researchers and users have demonstrated prompt-injection attacks and reckless agent behavior that deleted data despite explicit safety prompts. The result is a vivid trade-off — these agents lower the barrier for AI-driven automation, accelerating commercialization and investment, but they also expand an attack surface and create systemic cost risks at a time when geopolitical pressure on model access and cross-border data flows is already reshaping who controls the compute and token markets.

AI
View original source →