An industry watchdog supported by China’s central banking authority has issued a warning to financial institutions to exercise caution when deploying the open-source AI agent, OpenClaw, in financial applications. The warning highlights potential risks such as data breaches, financial losses, and compliance issues.
The National Internet Finance Association recently issued a risk alert emphasizing that internet finance companies handle highly sensitive information—such as customer funds, assets, accounts, and personal financial data—which makes them prime targets for cyberattacks and potential manipulation of financial transactions.
OpenClaw is an open-source artificial intelligence agent that, by default, operates with elevated system permissions and can directly control computer terminals based on natural language commands. Previously, security alerts from the database of China’s industry and information technology ministry and from the country’s cybersecurity response team had raised concerns about the vulnerabilities associated with such technology.
A leading analyst from Botong Analysys explained that interest in open-source AI agents like OpenClaw has surged recently. However, their application in finance faces significant hurdles. Due to strict regulatory oversight, high risk levels, and heavy accountability requirements, financial institutions should remain cautious and avoid rushing to adopt new technologies without careful assessment.
Security and Financial Loss Risks
The association also warned that OpenClaw could lead to financial losses. The alert cited several medium- to high-risk vulnerabilities that attackers could exploit or combine with prompt-injection attacks to gain control of devices. Furthermore, its plugin system—called Skills—lacks robust community security reviews, and incidents involving malicious plugins have already been reported.
In a financial context, these vulnerabilities could be employed to steal sensitive data, such as online banking passwords, payment keys, and trading API credentials. Attackers might then access banking or securities trading systems to make unauthorized transactions, which could result in direct financial losses.
The association noted that some users have already utilized OpenClaw in financial scenarios like stock monitoring and investment strategy testing. Automated actions based on such AI tools might lead to erroneous fund transfers or unintended purchases of investment products, risking actual monetary losses. Additionally, since AI systems still lack full transparency, establishing liability in cases of automated financial transactions remains legally ambiguous.
Data Security and Compliance Concerns
OpenClaw’s design includes persistent memory functions, storing operational data continuously in local session logs and files. When integrated with large language models or other systems, relevant data may be transmitted externally. This data can include highly sensitive information such as credit histories, loan documents, and transaction records. If mishandled, such data could remain accessible beyond the intended scope, raising compliance concerns related to financial data privacy and security.
Moreover, malicious actors may exploit the agent by pretending to provide “installation help” or “remote diagnostics” to gain control of user devices, install malware, or extract confidential financial information. Reports indicate a rapid increase in AI-related financial scams, although public awareness about these emerging threats remains limited.
A security expert emphasized that the main advantage of open-source AI agents for finance is cost reduction and efficiency improvement through automation of repetitive tasks. Nonetheless, critical challenges must be addressed before these agents can be safely implemented in core financial operations. These include ensuring algorithm transparency and traceability, establishing clear accountability procedures, complying with strict data privacy standards, and incorporating human oversight and emergency shutdown controls to prevent irreversible issues.





