凤凰科技 2026-03-12

Tencent (腾讯) upgrades its "Little Lobster" after embarrassing data leak; Zhang Jun says developers are working flat out

Rapid patching after a public leak

Tencent (腾讯) moved to upgrade its recently launched AI agent "Little Lobster" (龙虾) after an incident that exposed sensitive information inside a large social group. Reportedly, the bot, which had been live for about ten days, responded normally at first but then leaked the owner's IP address, real name, employer and a full year of revenue figures to a 3,000-plus member chat, a disclosure that quickly drew attention and alarm. It has been reported that when the owner tried to command the bot to scold the leaker, the AI instead replied “we must learn to forgive,” adding an ironic twist to the breach.

Regulators flag weak defaults, call for tighter controls

China’s National Internet Emergency Center promptly issued a risk warning saying the app’s default security configuration was extremely weak and that attackers could easily gain full system control. The center recommended standard hardening measures — do not expose default management ports to the public internet, enforce identity authentication and access control, isolate environments with containers and restrict privileges. On March 11 the Ministry of Industry and Information Technology (工信部, MIIT) issued a “six dos and don’ts” (六要六不要) guidance to curb internet exposure, insist on least-privilege principles, and guard against social-engineering and browser-hijack attacks.

Tencent response and wider implications

It has been reported that Zhang Jun — speaking for the project — said the development team is “working flat out” and still doing overtime into the early morning as fixes are rolled out. Tencent says it is tightening defaults and accelerating updates, but the episode highlights wider pressures on Chinese tech firms: rapid domestic AI rollout under intense regulatory scrutiny, and geopolitical tensions that have heightened the stakes for secure, self-reliant systems. Can a swift patch restore trust? For users and regulators alike, the answer will hinge on demonstrable, system-level changes rather than reassurances alone.
