China Internet Finance Body Urges Caution on OpenClaw Use in Financial Sector
Du Chuan
DATE: 17 hours ago / SOURCE: Yicai

(Yicai) March 17 -- An industry watchdog backed by China’s central bank has warned financial institutions to exercise caution when applying the open-source AI agent OpenClaw in financial scenarios, citing potential risks including data breaches, financial losses, and compliance challenges.

The National Internet Finance Association recently issued a risk alert noting that internet finance firms directly handle highly sensitive information such as customer funds, assets, accounts, and personal financial data, making them attractive targets for cyberattacks and potential manipulation of financial transactions.

OpenClaw, an open-source artificial intelligence agent, by default obtains high-level system permissions and can directly control computer terminals based on natural language instructions. Previously, the China National Vulnerability Database under China’s industry and information technology ministry and the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) also issued security warnings about related risks.

Wang Pengbo, chief analyst at Botong Analysys, told Yicai that the recent surge in interest in open-source AI agents sparked by OpenClaw is accelerating, but their suitability for the financial sector faces serious challenges. Given the industry’s strong regulatory oversight, high risks, and heavy accountability requirements, financial institutions should remain highly cautious and avoid blindly following technology trends, he said.

Security and Financial Loss Risks

The NIFA also warned that OpenClaw could create risks of financial losses. According to the alert, multiple medium- to high-risk vulnerabilities have already been disclosed, which attackers could exploit or combine with prompt-injection attacks to gain control of devices. Meanwhile, its functional plugins, known as Skills, lack effective community security review mechanisms, and several incidents involving malicious plugins have already been reported.

In financial scenarios, such risks could be used to steal sensitive information, including online banking passwords, payment keys, and securities trading application programming interface credentials, potentially enabling attackers to log into banking or securities trading systems and initiate unauthorized transactions, directly causing losses to customer funds.

The NIFA noted that some users have already applied OpenClaw in financial use cases such as stock monitoring and investment strategy back-testing. Automated execution could result in erroneous fund transfers or unintended purchases of investment products, potentially causing real financial losses. The association added that current AI technology still lacks full explainability, making it difficult to determine liability in automated financial transactions and leaving significant legal uncertainty.

Data Security and Compliance Risks

The OpenClaw agent also features persistent memory functions, with operational data continuously stored in local session records and memory files. When the agent connects to large language model application programming interfaces or performs other operations, relevant data may be transmitted to third parties. Such data may include highly sensitive materials such as credit records, loan approval documents, and transaction histories. Once such data enters AI processing workflows, the scope of access and retention periods could exceed the limits necessary for the original business purpose, creating financial data compliance risks.

In addition, criminals may attempt to gain control of consumer devices under the pretext of offering “installation assistance” or “remote debugging,” enabling them to implant malicious software or steal sensitive financial information. Relevant reports show that AI-related financial fraud cases are rising rapidly, while public awareness of such emerging fraud tactics remains limited.

Wang added that the biggest advantage of open-source AI agents for the financial sector lies in their ability to reduce costs and improve efficiency by automating large volumes of repetitive and rule-based auxiliary work.

However, several key barriers must be addressed before such agents can enter core financial scenarios. These include algorithm explainability and traceability to eliminate “black box” risks, clear accountability mechanisms, financial-grade data compliance and privacy protection systems, and mandatory human intervention and circuit-breaker controls to prevent irreversible risks, Wang concluded.

Editor: Emmi Laine

Keywords:   Open Claw,AI agent,China,finance