National Industrial Information Security Development Research Center Releases Risk Warning Bulletin on OpenClaw Applications in the Industrial Sector
The National Industrial Information Security Development Research Center has issued a "Risk Warning Notice on the Application of OpenClaw in the Industrial Field". According to the notice, OpenClaw is being deployed at an accelerating pace across stages of the industrial field such as research and design, production and manufacturing, and operations management. However, OpenClaw is characterized by fuzzy trust boundaries, unified access through multiple channels, flexible invocation of large models, and dual-model persistent memory. Where effective permission control strategies or security audit mechanisms are lacking, it may be maliciously taken over through instruction induction, supply chain poisoning, and similar means, leading to a series of security risks such as loss of control of industrial control systems and leakage of sensitive information.
The specific risks are unauthorized access to industrial hosts and loss of production control, leakage of sensitive industrial information, and an expanded attack surface and amplified attack effects for industrial enterprises. The notice therefore recommends that industrial enterprises refer to the "Industrial Control System Network Security Protection Guidelines", the "Industrial Internet Security Classification and Grading Management Measures" and other relevant requirements, and to the "Six Do's and Don'ts" suggestions already published on the Ministry of Industry and Information Technology's Network Security Threat and Vulnerability Information Sharing Platform. When deploying and using OpenClaw, enterprises should strengthen security protection measures, including strengthening control permission management, strengthening network boundary isolation, and applying vulnerability patches.

