夜雨聆风
OpenClaw, an open-source AI agent formerly known as Moltbot and Clawdbot, has experienced explosive growth in China, fueled by promotional campaigns from Tencent and Alibaba. This momentum reflects a broader industry shift from conversational models toward agents capable of executing real-world actions, a wave that originated in the United States and has now reached China.
The Chinese government has raised significant cybersecurity concerns. The Ministry of State Security warned that OpenClaw's broad permissions and cross-platform interactions create new vulnerabilities. Unlike traditional threats, these "lobsters" lack professional maintenance mechanisms, and attackers may exploit malicious plugins to bypass controls and exfiltrate sensitive data with stealth exceeding conventional trojans.
Security experts emphasize the importance of implementing least privilege principles, sandboxing deployments, and maintaining comprehensive audit logs. The National Computer Network Emergency Response Technical Team warned specifically about "prompt injection" attacks, where hidden malicious instructions embedded in web pages can trick the AI into harmful actions. As agentic AI systems evolve toward greater autonomy and agent-to-agent collaboration, the absence of comprehensive governance frameworks comparable to the EU AI Act leaves China's regulatory landscape uncertain, prompting authorities to restrict deployment in government bodies and state enterprises.
“开爪”人工智能在中国引发热潮
“开爪”(OpenClaw),前身为“蜕壳机器人”(Moltbot)和“蟹爪机器人”(Clawdbot),是一款开源人工智能体。在腾讯和阿里巴巴的推广活动推动下,它在中国实现了爆发式增长。这一发展态势反映了行业的一个普遍转变,即从对话式模型转向能够执行现实世界行动的智能体,这股浪潮起源于美国,如今已蔓延至中国。
中国政府对此提出了重大的网络安全担忧。国家安全部警告称,“开爪”广泛的权限和跨平台交互会产生新的安全漏洞。与传统威胁不同,这些 “龙虾”(暗指该人工智能体相关隐患)缺乏专业的维护机制,攻击者可能利用恶意插件绕过控制,并以比传统木马更高的隐蔽性窃取敏感数据。
安全专家强调实施最小权限原则、进行沙盒部署以及维护全面审计日志的重要性。国家计算机网络应急技术处理协调中心特别对 “提示注入” 攻击发出警告,即嵌入网页中的隐藏恶意指令可能诱使人工智能执行有害操作。随着智能体人工智能系统朝着更高自主性和智能体间协作的方向发展,由于缺乏类似于《欧盟人工智能法案》这样全面的治理框架,中国的监管前景尚不明朗,这促使有关部门限制其在政府机构和国有企业中的部署。
open - source [ˈəʊpən sɔːs]:adj. (计算机软件)开源的 explosive [ɪkˈspləʊsɪv]:adj. 爆炸(性)的;爆发性的;极易引起争论的;n. 炸药;爆炸物 vulnerability [ˌvʌlnərəˈbɪləti]:n. 弱点;易受攻击;脆弱性 malicious [məˈlɪʃəs]:adj. 恶意的;恶毒的;蓄意的 exfiltrate [ˈeksfɪltreɪt]:v. (通过秘密路线)偷偷撤离;偷运出;渗出;滤出 trojan [ˈtrəʊdʒən]:n. 特洛伊木马;(计算机的)特洛伊木马程序;adj. 特洛伊人的;特洛伊战争的;(计算机程序)特洛伊木马的 sandbox [ˈsændbɒks]:n. (供儿童玩的)沙箱,沙坑;(为计算机软件提供测试环境的)沙盒;v. 把(计算机程序、文件等)置于沙盒中运行 prompt [prɒmpt]:v. 促使;推动;提示;n. 提示;提示符;催款单;adj. 迅速的;敏捷的;立刻的
