Open source automation tool OpenClaw promises powerful self-hosted AI capabilities, but governments and enterprises are restricting its use due to mounting data, privacy, and cyber-risk concerns.
Global software companies have shed more than $1 trillion in market value within a week, as disruption tied to Anthropic’s AI ecosystem and open source tools rattled enterprise technology stocks and triggered a broad sell-off.
Major players including ServiceNow, Salesforce and Microsoft were hit, while India’s software exporters index fell 6% on February 2, its worst session in nearly six years. Tata Consultancy Services, Infosys, HCL Technologies and Wipro led the decline.
At the centre of fresh policy concerns is OpenClaw, a self-hosted, open-source AI agent that China and South Korea are now warning companies against using due to security and data-privacy risks.
In South Korea, Kakao, Naver and Karrot Market have restricted or blocked the agent across corporate networks and work devices. Kakao said: “We have issued a notice stating that, in order to protect the company’s information assets, the use of the open-source AI agent OpenClaw is restricted on the corporate network and on work devices.”
China’s industry ministry stopped short of a ban but flagged insecure deployments and urged exposure reviews, strong authentication and tighter access controls.
Marketed as “the AI that actually does things,” OpenClaw runs directly on operating systems, browsing the web, editing files, executing commands and automating workflows through modular extensions. That deep system access, combined with community-built add-ons and limited central oversight, has alarmed enterprises.
Security firms SlowMist and Koi Security found hundreds of compromised extensions carrying infostealers, while Palo Alto Networks warned of a “lethal trifecta” of private data access, exposure to untrusted content and external communications.
The episode underscores a growing tension: open source AI autonomy offers speed and flexibility, but for large organisations, it is fast becoming a governance and security risk.
