The Digital Policy Office on Thursday warned of security risks associated with the popular open-source AI agent OpenClaw and urged appropriate precautions during deployment following mainland authorities’ move to restrict its use.
The office stated that it has been monitoring the latest developments in AI and has recently flagged potential risks associated with OpenClaw, including excessive permissions, data leakage, and system security issues.
It advised relevant organizations and individual users to adopt adequate security measures when deploying and using the software.
Recommended steps include strengthening network control and strictly isolating runtime environments to reduce the risk of excessive permissions.
It also suggested enhancing credential management, avoiding storing keys in plaintext in environment variables, and strictly managing plugin sources to ensure their credibility and security.
Users should also monitor official security updates and apply them promptly.
The government has formulated documents, including the Ethical Artificial Intelligence Framework and the Hong Kong Generative Artificial Intelligence Technology and Application Guidelines, to guide the safe and responsible use of AI.
It has also developed the Government IT Security Policy and Guidelines for compliance. All government departments must conduct risk assessments before installing any software.
OpenClaw, developed by Peter Steinberger last November, is an AI agent that can perform tasks for users, such as sending and receiving emails and scheduling meetings.
It has recently gone viral across the mainland. Bloomberg News reported on Wednesday that mainland authorities have instructed state-owned enterprises and government agencies to ban the installation of OpenClaw on office devices for security reasons.