Hong Kong government workers warned not to install OpenClaw due to security risks

Hong Kong authorities have issued a formal directive warning government workers against installing the AI agent OpenClaw, citing significant security vulnerabilities. The government's Digital Policy Office (DPO) confirmed to the South China Morning Post that it has reminded all bureaus and departments not to install OpenClaw or its variants on any machines connected to government internal network systems. While no specific security incidents have been reported, the DPO highlighted potential risks including unauthorized data access, data leakage, and system intrusion. The advisory reflects growing official concern over the security posture of the popular AI tool.

This move by Hong Kong follows a wave of similar restrictions imposed by mainland Chinese entities, including several brokerages, banks, and government bodies, which have begun limiting employee access to OpenClaw. In response to the mounting concerns, authorities recently released a set of six security guidelines, or 'dos and don'ts,' for organizations that choose to use the agent. These guidelines recommend users stick to the most recent official version, minimize internet connectivity or exposure, and allow the fewest permissions necessary. The Hong Kong Monetary Authority (HKMA) has aligned with this cautious stance, explicitly stating it has no plans to deploy OpenClaw on its internal IT systems, underscoring the financial sector's particular sensitivity to the tool's perceived risks.