National Industrial Information Security Development Research Center: Issued a Risk Warning Bulletin for OpenClaw Applications in the Industrial Sector

The National Industrial Information Security Development Research Center released a “Risk Early Warning Bulletin on the Use of OpenClaw in the Industrial Domain”: OpenClaw is currently accelerating the deployment of applications in the industrial domain across R&D and design, production and manufacturing, and operations and maintenance management. However, due to OpenClaw’s characteristics such as unclear trust boundaries, unified multi-channel access, flexible invocation by large models, and dual-mode persistent memory, if effective permission control strategies or security audit mechanisms are lacking, it may be maliciously taken over through instruction induction, supply-chain poisoning, and other methods, leading to a series of security risks such as loss of control of industrial control systems and leakage of sensitive information. Specifically, this includes the risk of industrial host privilege escalation and production loss of control; the risk of leakage of industrial sensitive information; and the risk of expanding the attack surface of industrial enterprises and amplifying attack impact. Therefore, it is recommended that industrial enterprises refer to relevant requirements such as the “Cybersecurity Protection Guidelines for Industrial Control Systems” and the “Administrative Measures for Security Classification and Graded Management of the Industrial Internet,” and, when deploying and applying OpenClaw, consult the “Six Do’s and Six Don’ts” recommendations already published by the Ministry of Industry and Information Technology’s cybersecurity threat and vulnerability information sharing platform (NVDB). Strengthen security protection measures, including improving control permission management; strengthening network boundary isolation; and ensuring vulnerability patch remediation.