
The OpenClaw "Lobster Craze" in China and Subsequent Security Bans

In March 2026, the artificial intelligence landscape witnessed a phenomenon dubbed the "Lobster Craze" across China. OpenClaw, the open-source AI agent framework, saw an explosion in adoption among domestic users and tech behemoths alike, driven by its powerful GLM-5 and local AI model integration. However, this rapid scaling quickly hit a wall of stringent security audits and government warnings.

The Rise of the "Lobster Craze"

OpenClaw's ability to act as an autonomous agent—drafting reports, managing complex email threads, and automating software workflows—made it an instant hit. Chinese tech giants, including Tencent, Alibaba, and Baidu, actively began supporting its deployment within their ecosystems. Furthermore, manufacturing hubs like Shenzhen and Hefei offered multi-million yuan subsidies to developers building industrial solutions on top of the framework.

Unlike traditional chatbots, OpenClaw's capacity to interface directly with local file systems and external APIs (like Feishu/Lark) provided tangibly higher productivity. The open-source nature of the project also fueled local modifications, completely bypassing reliance on restricted Western APIs.

The Security Backlash: CERT Warnings and "ClawJacked"

The honeymoon phase was short-lived. As the agent's footprint grew, its highly permissive default configurations caught the attention of China's National Computer Network Emergency Response Technical Team (CERT).

The core issues centered around:

  1. System Access: OpenClaw requires broad filesystem and network access to function as intended, creating a wide attack surface.
  2. The "ClawJacked" Exploit: Security researchers uncovered tens of thousands of exposed, vulnerable instances online. The critical CVE-2026-25253, a Remote Code Execution (RCE) flaw, allowed attackers to hijack AI assistants completely. Read more in our CVE-2026-25253 Security Alert.
  3. The GhostClaw RAT: Malicious actors began distributing remote access trojans masquerading as OpenClaw installers, aiming to harvest credentials and intellectual property from eager adopters.

These vulnerabilities led to warnings that OpenClaw's default state was "extremely fragile." In response, state authorities and CERT issued directives restricting or outright banning the use of OpenClaw within government agencies and State-Owned Enterprises (SOEs). The fear of unauthorized external communication and data exfiltration outweighed the productivity benefits for highly sensitive sectors.

The Aftermath: Uninstall Services and Hardening

Interestingly, the security panic birthed a new micro-economy. Freelancers who previously charged for OpenClaw installation services pivoted to offering paid "uninstall" and "sanitization" services for businesses scrambling to comply with the new security directives.

For those continuing to use OpenClaw, migrating to the latest v2026.3.11 release and implementing robust security best practices—such as Docker isolation and restrictive API permissions—is no longer optional; it is mandatory.
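What "Docker isolation and restrictive permissions" looks like in practice, as an added example (not code from this article or from the OpenClaw project): a permissive `docker run` of the kind that ends up as an exposed instance, beside a locked-down one, plus a small flag audit that tells them apart. The image tag, workspace path and port are placeholders, since the article gives no real values for OpenClaw's image or listening port.

```shell
#!/bin/sh
# Added example, not from the article or the OpenClaw project.
# IMAGE, WORKSPACE and PORT are placeholders (assumptions, not real values).
IMAGE="${IMAGE:-openclaw:local}"            # placeholder image tag
WORKSPACE="${WORKSPACE:-$PWD/agent-work}"   # the only host path the agent may see
PORT="${PORT:-8080}"                        # placeholder listening port

# The "extremely fragile" shape: host networking, whole host filesystem
# mounted, running as root. Kept only as the audit's bad input.
permissive_run_cmd() {
  printf "docker run -d --net=host -v /:/host -v '%s':/root %s" "$HOME" "$IMAGE"
}

# Defensive baseline: immutable root FS, no capabilities, no privilege
# escalation, unprivileged UID, resource caps, a single writable workspace,
# and the port published on loopback only.
hardened_run_cmd() {
  printf 'docker run -d --name agent'
  printf ' --read-only --tmpfs /tmp:rw,noexec,nosuid,size=64m'
  printf ' --cap-drop=ALL --security-opt=no-new-privileges'
  printf ' --pids-limit=256 --memory=2g --user 1000:1000'
  printf " -v '%s':/work:rw" "$WORKSPACE"
  printf ' -p 127.0.0.1:%s:%s' "$PORT" "$PORT"
  printf ' %s' "$IMAGE"
}

# Flag-level audit of a docker run command line. Prints one line per finding
# and returns the number of findings (0 = passes). Heuristic: it inspects the
# command text, not a running container.
audit_run_cmd() {
  cmd="$1"; findings=0
  case "$cmd" in *--net=host*|*--network=host*|*"--network host"*)
    echo "host networking: agent listens on every host interface"
    findings=$((findings+1));; esac
  case "$cmd" in *"-v /:"*)
    echo "whole host filesystem mounted into the container"
    findings=$((findings+1));; esac
  case "$cmd" in *--privileged*)
    echo "--privileged disables isolation"
    findings=$((findings+1));; esac
  case "$cmd" in *--cap-drop=ALL*|*"--cap-drop ALL"*) ;; *)
    echo "capabilities not dropped"
    findings=$((findings+1));; esac
  case "$cmd" in *no-new-privileges*) ;; *)
    echo "no-new-privileges not set"
    findings=$((findings+1));; esac
  case "$cmd" in *--read-only*) ;; *)
    echo "root filesystem is writable"
    findings=$((findings+1));; esac
  case "$cmd" in *" -p "*)
    case "$cmd" in *" -p 127.0.0.1:"*) ;; *)
      echo "port published on all interfaces"
      findings=$((findings+1));; esac;; esac
  return $findings
}

# Runs the hardened command when docker is present; otherwise just shows it.
run_agent() {
  if command -v docker >/dev/null 2>&1; then
    eval "$(hardened_run_cmd)"
  else
    echo "docker not found; would run: $(hardened_run_cmd)"
  fi
}
```

Network access is the one thing this cannot fully solve inside the container: the agent still needs egress to reach the APIs it automates, so `--network none` would break it. Egress allow-listing belongs outside the container, in a host firewall or an outbound proxy, which is where the "unauthorized external communication" the directives worried about is actually controlled.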

The "Lobster Craze" serves as a stark reminder: as we hand over more autonomy to digital agents, the baseline for default operational security must rise exponentially.

By CompareClaw Team. Updated Mar 2026.