"Recently, half of the people in the office are talking about 'lobster farming', and half of them are learning how to 'lobster farming'." On March 13, Li Yao, product manager of an Internet company in Beijing, told reporters that the "lobster farming" that colleagues are talking about is not aquaculture in real life, but personalized training and deployment of the recently released open source AI agent framework OpenClaw. Because the icon is a red lobster, OpenClaw is commonly referred to as "lobster". Unlike ordinary AI, it can autonomously perform complex tasks such as file management, email sending and receiving, and data processing on user computers by integrating communication software and large language models. Why can this' lobster 'spark a nationwide craze? What are the safety risks of "raising lobsters"? A reporter from the Workers' Daily conducted an investigation and interview on this matter. As the first AI intelligent agent to attract public attention at the beginning of this year, many regions have introduced relevant support policies for "lobster". What are the special features of "lobster"? The core mode of ordinary AI is conversational, where users can only receive answers or operational steps after asking questions, while 'Lobster' is a typical 'doer'. Users only need to propose task objectives, and it can directly operate various tools to complete the entire process. ”The science and technology blogger "Follow Aliang to learn AI", who once worked in a first-line Internet factory, said to reporters, for example, that if he was asked to sort out important emails, he would automatically open the mailbox, filter the content and write a draft reply, "without the user's hands in the whole process". Yu Jingwen, an AI engineer at the AIIT Digital Creativity Laboratory at Peking University, said: "Unlike large language models such as ChatGPT, OpenClaw is not a simple chatbot, but a 'digital employee' who can obtain local operating system permissions, call various tools, plan steps according to natural language instructions, and automatically execute complex tasks. ”In the past, even with mature technology, AI big models were always limited to their respective fields and unable to achieve cross domain collaborative operation. The core advantage of 'Lobster' lies in its ability to break down barriers between big models in different fields, truly mobilizing the functionality and value of all big models. ”Yu Jingwen explained, "Therefore, it can be said that OpenClaw is a disruptive innovation with bridging and linking capabilities for the AI industry. ”Under the trend, many places actively responded. According to incomplete statistics, as of March 12th, many places including Longgang District in Shenzhen, Wuxi High tech Zone, Hefei High tech Zone, Changshu City in Suzhou, Qixia High tech Zone in Nanjing, and Xiaoshan District in Hangzhou have introduced relevant support policies for "crayfish", and some local governments have also launched free deployment services for "Little Dragon Shrimp" for the public. Under the enthusiasm of the public for raising shrimp, the experience of the first batch of testers was not always positive, despite the multiple safety hazards hidden in crayfish. Overall, it doesn't feel as magical as advertised online. ”Li Yao admitted that using "Lobster" well requires opening up control permissions for various applications on the computer. Out of caution, he did not open too many permissions, so he felt that the "effect is limited". Yu Jingwen analyzed that the core capability of OpenClaw lies in the operation and control of various applications and tools. To achieve this function, users must open up a large number of application authorizations, including email, office software, various platform backends, etc. It's like if you want someone to clean your home, you have to hand over the keys to all the rooms in the house to them, "she said metaphorically. Correspondingly, full application authorization may bring data leakage risks to individuals and enterprises deploying" Lobster ". On March 10, the Risk Alert on OpenClaw Security Applications (hereinafter referred to as the Alert) issued by the National Internet Emergency Center clearly pointed out that in order to achieve the ability of "autonomous task execution", the application was granted higher system permissions. However, due to its extremely fragile default security configuration, attackers can easily gain full control of the system once they discover a breakthrough. The "Tip" shows that as of now, OpenClaw has publicly exposed multiple high-risk vulnerabilities. Once these vulnerabilities are maliciously exploited by network attackers, they may lead to serious consequences such as system control, privacy information, and sensitive data leakage. For individual users, it can lead to the leakage of sensitive information such as privacy data (such as photos, documents, chat records) and payment accounts; for enterprises, it can lead to the leakage of core business data and trade secrets, causing incalculable losses, "Yu Jingwen analyzed. Zhou Zichuan, a practicing lawyer at Beijing Handing United Law Firm, stated that in order to complete user instructions, "Lobster" may directly or indirectly collect a large amount of various types of data across the entire network without control permissions. The amount of data obtained, access permissions, and data sensitivity often exceed the user's control range, which may seriously constitute the crime of illegally obtaining computer information system data and infringing on citizens' personal information. In addition, many users currently spend money to deploy 'Lobster' from third parties for convenience, but these third parties may not have the necessary security protection conditions, which can easily lead to device data exposure. Attackers can remotely control devices and steal sensitive information through malicious code execution and other means. ”Zhou Zichuan added. Amidst the trend, it is even more important to uphold the safety bottom line. This year's government work report proposes to deepen and expand "artificial intelligence+", accelerate the promotion of new generation intelligent terminals and agents, promote the commercial and large-scale application of artificial intelligence in key industries, and cultivate intelligent native new formats and models. The emergence of 'lobster' provides a new path for the landing application of AI intelligent agents. If it can be used in a standardized manner, the existing AI agents can be effectively utilized, greatly improving the work efficiency of individuals and enterprises. ”Yu Jingwen stated that the key to promoting the healthy development of "lobster" lies in balancing convenience and safety. The new technological features presented by AI agents such as' lobster 'make existing legal issues related to AI more complex. ”Zhou Zichuan gave an example, such as the most important issue of "unclear attribution of rights and responsibilities". When AI agents such as "Lobster" perform operations based on user instructions and cause infringement or other illegal and irregular behaviors, it is necessary for the law to further clarify how developers, deployers, and users should be held responsible and determine the magnitude of responsibility. For developers and service providers of AI products, Zhou Zichuan suggests that on the one hand, they should actively fulfill their compliance obligations under the Personal Information Protection Law and other regulations, such as ensuring that data processing logs meet the requirements of log retention and traceability. On the other hand, legal compliance awareness should also be enhanced in specific operations, such as strengthening AI permission management, enhancing prompt word review, etc., to reduce security risks. The Prompt issued by the National Internet Emergency Response Center also gives specific suggestions: when deploying and applying OpenClaw, relevant units and individual users should strictly isolate the operating environment, use containers and other technologies to limit the problem of too high OpenClaw permissions, strictly manage the source of plug-ins, and continue to pay attention to patches and security centers. Before 'raising lobsters', users first need to comprehensively evaluate its value and risks, determine whether they really need it to solve problems, and then decide whether to deploy it. ”Yu Jingwen reminds that during use, it is also necessary to do a good job in data partitioning and privacy protection, and not blindly follow the trend, exposing your privacy and data security to risks. (New Society)