In recent months, the market has witnessed an unexpected surge in the popularity of "raising lobster". This term originated from OpenClaw, an AI agent symbolized by a lobster, which has become synonymous with setting up and training smart assistants.

"Raising lobster" signals a paradigm shift in how individuals interact with and use AI and showcases the capacity of the Chinese market to embrace new AI technology applications. These AI agents empower individuals without coding expertise to develop functional applications swiftly, democratizing access to technological innovation.

The enthusiasm is palpable, with people lining up in some places to experience the latest AI agents, and tech companies such as Tencent, Minimax, Moonshot AI, and Alibaba unveiling their own versions — QClaw, MaxClaw, Kimi-Claw, and CoPaw.

While current AI agents are designed for the tech-savvy, the prospects for such "lobsters" are promising, and their development is accelerating. It is expected that they will eventually become a reliable tool in people's daily lives.

The rise of "claw-powered" businesses is likely to transform the way people approach tasks, enabling individuals to manage complex workflows that would otherwise require an entire team. This has given birth to the one-person company model, a novel form of smart economy that reflects an evolution in the division of labor and economic activity.

The Chinese government's emphasis on creating "new forms of smart economy" in this year's Government Work Report, along with the inclusion of AI Plus in the draft outline of the 15th Five-Year Plan (2026-30), also signals a strategic commitment to integrating AI into the nation's developmental framework.

However, amid this wave of innovation, it is imperative to acknowledge the latent security risks. As some in the market rush to embrace these technologies, the potential vulnerabilities associated with AI agents cannot be overlooked.

Cautions have been voiced against the perils of granting excessive data permissions to AI agents, which can expose users to data breaches, cyberattacks and compromised digital public services. The Ministry of Industry and Information Technology has issued a warning about the high security risks associated with improper configurations of OpenClaw deployments, emphasizing the need for stringent safeguards against cyber threats and information leaks.

And on Tuesday, the National Computer Network Emergency Response Technical Team, China's top cyber emergency response agency, also issued a risk alert over the "extremely fragile" default security settings of OpenClaw, noting that major domestic cloud platforms all offer one-click deployment services.

According to the team, some serious security risks have emerged due to the improper installation and use of OpenClaw. For example, multiple medium — and high-risk vulnerabilities in Open-Claw have already been publicly disclosed, which could be maliciously exploited, leading to serious consequences such as system takeover and the leakage of private information and sensitive data. Not to mention cyberattackers can embed hidden malicious instructions in a web page and induce OpenClaw to read it, which may trick the agent into exposing system keys from a user's device.

Apart from these technical and security risks, the ethical implications of AI agents such as OpenClaw also need to be considered. As these systems become more integrated into daily life, they raise questions about the boundaries of virtual and real-world interactions. The potential for AI to influence human behavior, either through addictive engagement or by altering perceptions of reality, necessitates a cautious approach to its deployment.

The phenomenon of "raising lobster" and the emergence of one-person companies, therefore, have also been the subject of discussions at the annual gatherings of the country's top legislature and political advisory body, underscoring their significance in the nation's technological and economic trajectory.

While the advent of AI agents and OPCs heralds a promising era of technological advancement and economic transformation, it is crucial to approach this landscape with a vigilant eye on security. Organizations and users should review public network exposure, permission settings and credential management, close unnecessary public access, and strengthen identity authentication, access control, data encryption and security auditing before deploying AI agents.