AI Lobster | ByteDance Releases Internal Security Standards Pushes ByteClaw

Mainland Chinese media report that ByteDance’s security team recently released the “OpenClaw Security Standards and Usage Guidelines” internally, simultaneously launching ByteClaw for employees.

This service is built on Volcano Engine ArkClaw Enterprise Edition, enabling unified authentication, access control, and permission management under the company’s account system, supporting secure internal resource access for employees.

The “Security Standards” point out that OpenClaw has five common risks: improper access control settings, prompt injection, sensitive information theft, supply chain vulnerabilities, and malicious plugin poisoning. Specific security requirements and configuration guidelines are provided for each. ByteDance’s security team recommends employees prioritize using compliance tools like ByteClaw, which have completed security baseline configurations and can be centrally managed on cloud platforms for ongoing security risk prevention.

The “Security Standards” also emphasize that OpenClaw-like tools should not be installed or used on core production environments such as business servers to avoid resource conflicts or security incidents; employees are advised not to install related tools locally on office computers. If there is a work-related need, strict adherence to security configuration guidelines and compliance setup must be completed before use.