On 12 March 2026, the National Computer Network Emergency Response Technical Team/Coordination Centre of China (CNCERT/CC) issued an advisory on OpenClaw, highlighting that the Artificial Intelligence (AI) agent software operates with high-level system privileges and has weak default security configurations that may allow attackers to gain full system control. The advisory applies to organisations and users, particularly in sensitive sectors including finance and energy. It identifies risks including prompt injection attacks leading to leakage of system keys, accidental deletion of critical data due to misinterpretation of user commands, malicious or unverified plugins capable of stealing credentials or installing backdoors, and exploitation of multiple disclosed high- and medium-risk vulnerabilities. According to the advisory, the vulnerabilities may result in system compromise and exposure of private data, payment accounts, trade secrets, and code repositories. CNCERT/CC recommended immediate mitigation measures, including restricting exposure of management ports, enforcing authentication and access controls, isolating runtime environments, securing credential storage, auditing logs, limiting plugins to trusted and verified sources, and applying security patches and updates.