Hong Kong: Privacy Commissioner for Personal Data issued alert cautioning security risks related to use of OpenClaw and other agentic AI

On 16 March 2026, the Privacy Commissioner for Personal Data issued an alert cautioning about the privacy and security risks posed by OpenClaw and other agentic Artificial Intelligence (AI) systems. It highlighted that, unlike standard AI chatbots, agentic AI holds elevated access to local files, emails, account credentials, and browser-stored content, and can autonomously execute multi-step tasks without real-time user involvement, creating heightened risks of data breaches, malicious system takeovers, and unauthorised data access. The PCPD recommends that users grant only the minimum necessary access rights, download agentic AI from official channels, separate runtime environments from local devices, exercise caution when installing plugins, and adopt a human-in-the-loop approach where AI decisions may significantly affect individuals.