BEIJING is, for a few weeks this year, an artificial intelligence tool called OpenClaw seemed like one of the hottest new things in tech. Entrepreneurs were flocking to it. Startups were trying it out. Some cities in China were offering subsidies and office space to entrepreneurs who would start companies based on it.
Then, suddenly, the Chinese government slammed on the brakes. It has told government departments and state-owned companies, including some of China’s largest banks, not to use OpenClaw on work computers because it poses security risks. The tool, Chinese regulators say, could share confidential information or hijack files if it gains broad access to computer systems. And, in fairness, that makes some sense. Unlike most chatbots, which simply respond to queries, OpenClaw is a doer. It can handle tasks in multiple apps, read and write emails, write computer code and perform other tasks. That means it needs to be granted extensive permissions, which is enough to make any cybersecurity expert nervous.
But here’s the thing: Even as the national government was signaling alarm about security risks, local governments in some of China’s most prominent tech hubs were actively encouraging people to use OpenClaw. The cities of Shenzhen and Wuxi, for example, have offered subsidies and computing power to startups that build on OpenClaw, as part of efforts to lure in developers and foster innovation. Which is it, then? Is China embracing AI, or rejecting it? As with so much in tech policy, the answer is complicated.
There is no doubt that Chinese officials want the country to dominate A.I. The government has been heavily promoting what it calls an “A.I. plus” strategy, under which companies should infuse A.I. into everything from manufacturing to health care. But in recent years, Beijing has also grown increasingly concerned about digital security, data and the use of software from foreign companies in critical computer systems. That’s where OpenClaw gets tricky. The open-source tool, which was created by an Austrian developer named Peter Steinberger, became a viral sensation earlier this year because it can be used to automate all sorts of complex tasks with minimal oversight. But while an A.I. agent may be fine for managing a to-do list or automatically generating jokes, it is a different story if it has access to a corporation’s internal systems or a government’s databases. Security researchers have also raised concerns about the tool. In some cases, they say, a poorly configured deployment could allow sensitive data to leak or even permit hackers to issue malicious commands.
So there are two things happening at once. One is a land rush of enthusiasm. Developers are scrambling to build what they call “one-person companies” using A.I. agents. The other is a note of caution. Regulators are asking a simple question that often arises when technology moves faster than the rules: Who, exactly, is in charge here? If you ask me, and, hey, a little analysis never hurt a news article, I think we might be seeing the first signs of growing pains around A.I. tools that can actually do things, rather than simply chat. This is what happened with social media. It’s what happened with cloud computing. It’s what happened with smartphones. Everyone jumps into the deep end of the pool first, then the lifeguards show up.
What happens next is unclear. China might crack down even harder on OpenClaw, or it might simply call for stricter security reviews before such tools can be used in sensitive government systems. But one thing does seem certain: The era of A.I. agents that can act, not just talk, is here. And if the OpenClaw saga is any guide, the big issue isn’t what they can do. It’s whether we’re ready for them to do it.