Hong Kong Privacy Commissioner's Office Warns of "Shrimp Farming" Risks: OpenClaw and Other Agentic AI May Lead to Data Breaches


Daily Economic News reporter: Li Xukui | Daily Economic News editor: Bi Luming

Agentic AI (artificial intelligence), represented by OpenClaw (an open-source AI agent framework, commonly known as “Lobster”), is raising concerns among relevant authorities due to privacy and security risks.

On March 16, the Office of the Privacy Commissioner for Personal Data of Hong Kong (hereinafter referred to as “Privacy Commissioner”) issued a statement on its official website, stating that it is closely monitoring the personal data privacy and security risks posed by OpenClaw and other agent-based AI, and calling on organizations and citizens to take adequate precautions before using such AI tools.

The Privacy Commissioner pointed out that, compared to general AI chatbots mainly used for text responses, content summarization, or generation, agent-based AI has a broader range of applications. Typically, these are high-permission AI agent tools that can be deployed on local devices or servers, capable of reading and writing local files, calling system resources, operating external services, and even executing multi-step tasks on behalf of users according to preset workflows (such as handling emails, making restaurant reservations, or paying bills) without immediate user involvement.

It is precisely these high permissions and autonomous execution capabilities that make the privacy risks of agent-based AI much higher than those of ordinary AI chatbots. The Privacy Commissioner highlighted three main potential risks:

  1. Excessive permissions may lead to large-scale exposure of personal data. Agent-based AI generally has higher preset access rights than AI chatbots, allowing access to user device files, emails, account credentials, and browser-stored content. If permissions are not strictly restricted, the AI could access a vast amount of personal data involving users or others, increasing the risk of unauthorized third-party viewing, copying, or leaking. Additionally, due to misinterpretation of user commands, the AI might mistakenly delete important user data, such as all email records.

  2. System vulnerabilities as potential attack entry points. Because these high-permission agents can access multiple systems and data sources, any design flaw or security lapse in them poses significant risks to personal privacy and overall data security.

  3. Risks of third-party plugins or hidden malicious code. If agent-based AI allows users to install various plugins or skills, and some of these are not thoroughly security-checked, malicious code could be embedded. Hackers could exploit this to invade and take control of user accounts, or even seize control of the entire computer system, leading to data leaks and exposure of sensitive information.

In response to these risks, the Privacy Commissioner recommends that organizations and citizens pay special attention to granting the minimum necessary permissions to agent-based AI, use the latest official versions, implement sufficient security measures, exercise caution when installing and using plugins or skills, and continuously assess risks when collecting, using, and processing personal data.

It is worth noting that, according to a review by Daily Economic News reporters, this is not the first time authorities have issued warnings regarding the installation of OpenClaw.

On March 13, the Digital Policy Office responsible for AI policy in the Hong Kong SAR government stated to the media that it had noted the uncertain security risks associated with OpenClaw and had already warned government departments not to install OpenClaw on computers connected to internal government networks.

On the same day, the National Cybersecurity and Information Security Information Notification Center issued a security risk alert for OpenClaw, mentioning that “a large number of exposed OpenClaw assets on the internet pose significant security risks and are highly likely to become targets of cyberattacks.”

On March 15, the China Internet Finance Association’s official WeChat account issued a reminder that, although OpenClaw can improve work efficiency, its default high system permissions and weak security configurations make it vulnerable to exploitation by attackers, potentially leading to data theft or illegal transaction manipulation, posing serious risks to the industry.

The China Internet Finance Association advised financial consumers to be extremely cautious when installing OpenClaw on devices used for online banking, securities trading, or payments. If installation is necessary, it is recommended not to grant operational permissions for financial service systems, to promptly follow up on OpenClaw vulnerability fixes, strictly control plugin installations, and avoid entering sensitive information such as ID numbers, bank card numbers, or payment passwords when not in use.

Additionally, several universities, including Henan Medical and Health Technicians College, Shanxi University of Applied Science and Technology, and Gansu Steel Vocational and Technical College, have recently issued notices prohibiting the use of OpenClaw within campus networks. Departments or faculty members who have already installed it are required to uninstall it immediately and completely.
