Wild lobsters and domestically produced lobsters are not the same thing
The split: enthusiasm vs. caution
China’s biggest tech firms are racing to fold the open-source agent framework OpenClaw (nicknamed “龙虾”, “lobster”, in Chinese coverage) into their products. Tencent (腾讯), Alibaba (阿里), ByteDance (字节跳动), Xiaomi (小米) and others want these agents everywhere — in apps, on clouds, on devices. At the same time, the Ministry of Industry and Information Technology (工信部) and the Cyberspace Administration of China (网信办) have issued sober risk advisories. Who is right? The answer isn’t binary. They are talking about two different beasts: raw, unprotected OpenClaw deployments versus productized, security‑hardened variants from major vendors.
What’s wrong with the raw OpenClaw
OpenClaw was designed for flexibility and extensibility. That’s great for developers. It is also a nightmare for security. It has been reported that third‑party plugins in the open framework can access chat context, call external APIs and read local files — and community incidents have reportedly shown plugins disguised as translators stealing tokens. Prompt‑injection defenses in the upstream project are minimal, data at rest is often stored unencrypted by default, and there is little in the way of audit logging. In short: capability without boundaries.
How big tech is “domesticating” the lobster
Major vendors are not merely rebranding OpenClaw; they are rebuilding safety layers. It has been reported that Tencent (腾讯) rolled out five lobster‑style products — including a WeChat‑linked QClaw — and reportedly uses sandboxed plugin containers, end‑to‑end encryption of dialog data and multi‑layer prompt‑injection detection. Alibaba (阿里) reportedly emphasizes model‑level safety on its Tongyi Qianwen (通义千问) stack with content filters and hallucination checks. Xiaomi (小米) is said to push computation into TEEs on its chips to keep sensitive inference on‑device. Cloud providers add strict RBAC, field‑level controls and full audit trails. All of this costs money; that’s the point.
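The gap described in the two sections above (plugins that can read local files and call arbitrary APIs, with no audit trail) and the kind of boundary a hardened build puts in its place can be sketched as a deny-by-default capability broker. This is an added example, not code from OpenClaw or from any vendor named here; the capability strings, class names, file path and hostnames are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
# Hypothetical names throughout (capability strings, PluginManifest,
# CapabilityBroker): illustration only, not OpenClaw's or any vendor's API.
@dataclass(frozen=True)
class PluginManifest:
    name: str
    capabilities: frozenset                 # actions the operator granted
    allowed_hosts: frozenset = frozenset()  # egress allow-list for "net.call"

class CapabilityDenied(PermissionError): """Request not granted by the manifest."""

@dataclass
class CapabilityBroker:
    files: dict                             # constructed in-memory "local files"
    audit_log: list = field(default_factory=list)

    def _authorize(self, plugin, action, target):
        allowed = action in plugin.capabilities          # deny by default
        if allowed and action == "net.call":
            allowed = target in plugin.allowed_hosts     # per-plugin egress list
        # Record every decision, denials included, before acting on it.
        self.audit_log.append({"plugin": plugin.name, "action": action,
                               "target": target, "allowed": allowed})
        if not allowed:
            raise CapabilityDenied(f"{plugin.name}: {action} on {target!r}")

    def read_file(self, plugin, path):
        self._authorize(plugin, "fs.read", path)
        return self.files[path]

    def call_api(self, plugin, host, payload):
        self._authorize(plugin, "net.call", host)
        return {"host": host, "sent_bytes": len(payload)}  # stub, no network I/O

def attempt(fn, *args):
    try:
        fn(*args)
    except CapabilityDenied:
        return "denied"
    return "allowed"

def run_demo():
    """Constructed scenario: a translator plugin granted only translation egress."""
    broker = CapabilityBroker(files={"/home/user/.agent/token": "CONSTRUCTED-TOKEN"})
    plugin = PluginManifest("translator", frozenset({"chat.read", "net.call"}),
                            frozenset({"translate.example"}))
    outcomes = [attempt(broker.call_api, plugin, "translate.example", b"hello"),
                attempt(broker.read_file, plugin, "/home/user/.agent/token"),
                attempt(broker.call_api, plugin, "collector.example", b"hello")]
    return outcomes, list(broker.audit_log)
```

The two denied requests still appear in the audit log, which is what lets an operator notice a plugin asking for more than its stated purpose needs.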
Why it matters: policy and practice
Regulators’ warnings target the “do it yourself” adopters who run agents on personal machines or misconfigured servers — the home NAS running Docker that suddenly exposes corporate secrets. There is also a geopolitical backdrop: Western export controls on high‑end AI chips and a broader push for tech self‑reliance make domestically hardened stacks politically and economically salient. So which should you heed — the sandbox or the source tree? Ask where the agent will run, who pays for security, and whether the operator can live with the risk. Wild or farmed, a lobster is still a tool. Used well, it helps. Used poorly, it can break you.
