A "Lobster" stirs up the investment research circle: Financial institutions issue urgent internal risk alerts

◎ Liu Yuxi Reporter Xu Wei

Recently, a “lobster” has gone viral beyond its niche. This is an AI agent called OpenClaw, named for its icon resembling a lobster. Recently, many brokerage firms’ quantitative teams have been releasing operational guides and hosting sharing sessions, with far more participants than usual, including public and private funds, insurance asset managers, and listed company clients.

Unlike cloud-based large models, OpenClaw runs entirely locally, with system permissions equal to the user’s. It can handle emails, write code, and even shop automatically, like a digital butler. But for research and investment personnel, the most attractive feature is whether it can free them from tedious daily tasks. For investors, the more important question is whether it is opening a new window for investment opportunities.

Just as this “gold rush” heats up, on March 10, the National Internet Emergency Center issued a security application risk warning for OpenClaw: in critical industries like finance and energy, it could lead to leaks of core business data, trade secrets, and code repositories, or even cause entire business systems to crash, resulting in incalculable losses.

Meanwhile, multiple financial institutions have issued urgent internal alerts warning of cybersecurity risks associated with OpenClaw, strictly prohibiting installation and use on company devices, sounding an alarm for this technological frenzy.

“Lobster” on duty: liberating research productivity

The value chain of research and investment typically includes information processing, research production, and decision support. In the past, research staff spent a lot of effort on repetitive low-value tasks like data cleaning, announcement sorting, and report formatting. For example, when conducting event-driven or fundamental analysis, teams had to manually open, read, extract, and summarize massive announcements daily.

OpenClaw hits exactly this pain point. It can automatically run an entire process through dialogue: daily fetching announcements, classifying and recognizing, extracting key information, and outputting structured results. The system first determines date and data availability, then pre-screens titles, concurrently parses PDF content to extract amounts, entities, event status, and key sentence summaries, and finally sorts by business priority to generate Excel summaries and message texts for morning meetings, intraday, and review.

This is the fundamental difference between OpenClaw and traditional AI tools. According to research from Guojin Securities, traditional agent tools are easier than coding but still require users to manually design each step of the workflow. OpenClaw achieves automation of tool chaining, allowing process design and scheduled execution through just dialogue.

In tests by Founder Securities’ quantitative team, OpenClaw demonstrated high efficiency and completion in multiple financial scenarios: connecting to financial data interfaces like Tonghuashun, Mikuang, Wind, building classic PB-ROE stock selection strategies, “cup-and-handle” pattern strategies, and even fully automated factor mining and backtesting.

Zhejiang Securities stated in a research report that the core value of OpenClaw in research is to free people from physical information processing tasks, enabling them to focus more on strategy innovation, complex judgment, and value creation. “For active research practitioners, it is an efficiency lever; for quantitative researchers, a strategy accelerator; for individual investors, a tool for equalizing capabilities,” the report said.

Security “clampdown”: hidden dangers behind the frenzy

But “raising lobsters” is not without risks. Several brokerage teams have pointed out technical flaws in OpenClaw. For example, the “hallucination” problem of large models still exists; AI outputs may vary or be incorrect under different times or prompts. Model updates and new feature development may also lead to different conclusions.

Most concerning are security risks. Dongwu Securities’ report notes that OpenClaw is still in early stages, with an immature ecosystem, controversial permission design and security boundaries, and third-party skills (modules supporting OpenClaw, similar to “plugins”) of uneven quality, some potentially containing malicious code. Guojin Securities also warned that OpenClaw has high system permissions, capable of accessing all files on a computer. If users later want to open it to the internet, strict permission restrictions are necessary.

Recently, many brokerages have issued internal warnings about security risks. Some have stated that OpenClaw presents trust boundary ambiguities, permission abuse, and core information leaks, making it vulnerable to unauthorized operations or malicious takeover, posing serious threats to network and information security. Some explicitly prohibit employees from installing or using OpenClaw on company computers, servers, or other assets, and require personal computers with the program installed not to connect to the company network, along with installing genuine antivirus software and keeping it updated.

“Gold rush” begins: who is selling “shovels” at the peak?

“Recently, market attention to OpenClaw has increased significantly. The number of institutional clients actively signing up for research and application training has far exceeded previous similar activities. Participants mainly include public funds, private funds, brokerage asset management, proprietary trading, insurance asset managers, and some listed company clients,” Wei Jianrong, deputy director of the Open Source Securities Research Institute and chief analyst of financial engineering, told Shanghai Securities News. “Investors are generally concerned about the practical implementation and research application value of new technologies.”

Looking back, each wave of technological tool innovation has created two types of opportunities: first, for the tool users; second, for the “shovel sellers” providing infrastructure and services. OpenClaw’s open-source nature means it is not a direct commercial target, but the demand it spurs is fermenting.

First, as more people start “raising lobsters,” the demand for computing power will explode. According to research from Industrial Securities, benefiting from the OpenClaw craze, from March 2 to March 8, 2026, three of the top five models by call volume on the OpenRouter platform were from Chinese vendors, accounting for 65% of total calls among the top five, with token consumption reaching about 13.7T, a significant increase year-over-year. OpenClaw is evolving from a single open-source project into an industry-level engine driving hardware upgrades and cloud service restructuring. The structural shift in computing demand will reshape the AI infrastructure landscape, with CPU concurrency and unified memory architecture becoming new core competitive advantages.

The other side of risk is also an opportunity. Potential security vulnerabilities, permission management issues, and uneven quality of third-party skills highlight a developing service market. Guolian Minsheng Securities’ report states that enterprise-level OpenClaw deployment must overcome three major hurdles: knowledge integration, security sandboxing, and API access to business systems. Cloud providers offering customized AI platforms, security protections, and persistent storage are expected to widen profit margins.

“We see many clients needing deployment assistance,” said Gao Zhiwei, chief analyst of financial engineering at Guojin Securities. “OpenClaw represents a more powerful agent framework. The industries benefiting from it, such as cloud deployment and security services, are emerging. No company will easily allow agents to access files, financial systems, or trading platforms without robust security measures.” However, he believes that domestic computing power and related industries are accelerating development, and overall issues are improving positively.