Core Viewpoint
- The OpenClaw AI agent poses significant security risks in the internet finance sector due to its high system permissions and weak security configurations, which can be exploited by attackers to steal sensitive financial data and manipulate transactions [1][2].

Risk Manifestations
- Financial Loss Risk: OpenClaw has disclosed multiple medium to high-risk vulnerabilities that attackers can exploit to gain control over devices, potentially leading to the theft of online banking passwords, payment keys, and securities trading API credentials, resulting in customer financial losses [1].
- Transaction Responsibility Risk: The autonomous execution capabilities of OpenClaw may lead to erroneous financial transactions, with unclear accountability for losses due to the lack of full interpretability in AI technology [2].
- Data Compliance Risk: OpenClaw's persistent memory function may lead to sensitive financial data being stored and potentially transmitted to third parties, raising compliance risks in financial data management [2].
- New Fraud Risks: Criminals may exploit the popularity of OpenClaw to conduct investment fraud, using deceptive tactics to lure individuals into downloading fake applications or transferring funds [2].

Prevention Recommendations
- Consumer Caution: Financial consumers are advised to be extremely cautious when installing OpenClaw on devices used for online banking and financial transactions, and to avoid granting it operational permissions related to financial services [3].
- Awareness of Fraud: Consumers should remain vigilant against financial fraud activities that use terms like "AI stock trading" or "guaranteed returns," and ensure that all transactions are conducted through legitimate channels [4].
- Institutional Guidelines: Financial institutions should refrain from installing OpenClaw on devices handling customer information or financial operations, and should not input sensitive data into the AI agent [4].
- Security Training: Institutions are encouraged to incorporate the security management of AI applications like OpenClaw into their information security protocols and provide specialized training to employees to enhance their ability to identify and mitigate associated risks [4].
National Internet Finance Association of China Warns of "Lobster" Risks
21st Century Business Herald · 2026-03-15 07:24