Chinese government is warning about the AI agent that Nvidia CEO Jensen Huang calls 'The New Computer,' and engineers in the country have been lining up to install

The Chinese government is raising security alarms over OpenClaw, the open-source AI agent that has swept through the country's tech scene so fast that engineers have been standing in line—sometimes wearing lobster hats—just to get it installed on their computers.

The warnings are pointed. Cybersecurity regulators have told government agencies and state-owned enterprises to keep the software off their devices, citing risks of data leaks, accidental file deletion, and misuse of sensitive information. One person in China left OpenClaw running with access to their credit card, only to find the agent had maxed it out. A Meta safety executive watched helplessly as a bot speedran deleting her inbox.

An OpenClaw consultant in China told the FT he was already fielding more requests to remove the software than to install it.The backlash is striking because just weeks earlier, the mood was the complete opposite. Local governments were handing out subsidies and computing credits. Tencent ran a nationwide installation tour across 17 cities. Alibaba, ByteDance, Baidu, and Moonshot AI all rushed out their own versions of the tool.

And in the US, Nvidia CEO Jensen Huang was calling OpenClaw "the new computer" at GTC this week—comparing it to Linux, Kubernetes, and HTML as a foundational shift in how software gets built.

OpenAI CEO Sam Altman hired the tool's creator, Austrian developer Peter Steinberger, calling him "a genius."

From Shenzhen queues to government warnings—OpenClaw's month in China

That whiplash—from gold rush to government caution in the span of weeks—captures something real about where AI agents stand right now.

The technology is genuinely powerful. But it is also half-baked, poorly understood by most of the people using it, and comes with security risks that even its most enthusiastic backers are struggling to address.OpenClaw lets users deploy autonomous AI agents directly on their computers. These agents can read emails, browse the web, manage calendars, and run scripts with minimal human involvement. Unlike a chatbot, an agent keeps working in the background—and unlike most AI tools, it runs with deep access to your files, applications, and accounts.

Steinberger himself admitted on a podcast that he ships code he doesn't fully read.

The NYT reported that lines stretched across Shenzhen as people sought out engineers just to get it set up. Over 100 tech enthusiasts packed into a Beijing rooftop bar on a recent evening just to learn how to use it, per the FT.

Why Chinese tech giants from Baidu to ByteDance are all-in on 'The Lobster'

The phrase "raising a lobster"—a nod to OpenClaw's crustacean logo and the patience it takes to get agents trained—spread widely across Chinese social media.

And while everyday users were swept up in the hype, the real beneficiaries were the tech companies watching token usage explode. As Wired noted, a single active OpenClaw instance can burn through tens or even hundreds of times more tokens per day than a standard chatbot conversation—and every new user is essentially paying around the clock for LLM API calls.That explains why Tencent engineers were setting up tables outside headquarters offering free installations.

Alibaba, ByteDance, Baidu, and Moonshot AI have all released their own flavours—QClaw, ArkClaw, KimiClaw—each funnelling users toward their own cloud services and models. Baidu unveiled an entire family of "lobsters" this week spanning desktop, mobile, cloud, and smart-home devices.

Security risks are real—and even Nvidia CEO Jensen Huang knows it

For all the hype, the security picture remains genuinely ugly. Research firm Gartner called OpenClaw an "unacceptable" risk and advised companies to block all traffic related to it.

Cisco researchers described it as an "absolute nightmare." Meta banned it from employee laptops entirely. Bloomberg Opinion noted that anyone running OpenClaw is effectively handing it privileged access to their entire digital life—and a compromised instance means a hacker inherits all of it.Nvidia's answer is NemoClaw, an enterprise version of OpenClaw announced at GTC this week, with privacy controls and network guardrails built in. Anthropic takes an even more cautious approach with Claude Cowork, running agents inside a sandboxed virtual machine with restricted network access—though it remains unavailable in China, which partly explains why OpenClaw filled that vacuum so fast.