Lee Gyu-lee is a business writer at The Korea Times, focusing primarily on IT & telecommunications, the Ministry of Trade, Industry and Energy and KOTRA. Prior to this, she has covered a wide range of cultural news, from film, television and K-pop to lifestyle and fashion.
Top tech firms ban OpenClaw over security breach fears
A screenshot of the OpenClaw website / Captured from OpenClaw website
By Lee Gyu-lee
Major Korean tech companies, including Kakao, Naver and Karrot Market, are moving to restrict the use of the popular artificial intelligence (AI) agent OpenClaw within corporate networks due to the rising concerns about security and data privacy.
The move reflects mounting global caution around the autonomous agent that is capable of performing human-like tasks without direct supervision.
OpenClaw is a self-hosted, open-source AI agent designed to act as the “hands” of a large language model. While large language models such as OpenAI's ChatGPT or Google's Gemini serve as the brain that understands and reasons, OpenClaw carries out real-world actions, such as browsing the web, editing files, running system commands and interacting with online services through modular add-ons.
It rose to prominence after it was first introduced last November as an early-stage AI agent. However, concerns have grown that it can access sensitive corporate data or personal information, and that such access can create the potential for data leaks, system manipulation and cyberattacks.
Kakao, Naver and Karrot recently notified their employees, including developers, not to use the open-source agent.
“We have issued a notice stating that, in order to protect the company’s information assets, the use of the open‑source AI agent OpenClaw is restricted on the corporate network and on work devices,” Kakao said.
Naver has also banned OpenClaw within the company, while Karrot is blocking both the use and access to OpenClaw and Moltbot, citing risks that are difficult for the company to manage or control.
“(Tech) companies’ recent moves to restrict the use of open-source AI tools do not appear to reflect a lack of trust in the tools themselves, but rather a preemptive effort to manage data security and regulatory risks,” an industry insider said.
“It’s essentially about completely blocking the possibility that internal confidential information could be used to train external models, and about using AI only in environments where auditing and control are possible.”
gettyimagesbank
China has taken an even more proactive stance on restricting OpenClaw. The country’s industry ministry said it had identified cases where users were running OpenClaw with inadequate security settings and called for stronger safeguards.
While the warning does not amount to an outright ban, the ministry advised organizations using OpenClaw to rigorously review how it is exposed to public networks and to put in place strong authentication and access controls.
Security analysts argue that the main risk comes from OpenClaw’s ability to sidestep traditional access controls and directly handle data, unlike more contained cloud-based chatbots, which operate within centralized cloud environments. They warn that its open-source design and local execution model make it especially vulnerable.
Cybersecurity company Wiz recently flagged design flaws in OpenClaw-linked agents that left the personal data of thousands of users exposed.
Despite repeated warnings about security risks, OpenClaw’s convenience in automating complex tasks is driving growing popularity, with people purchasing a separate device, such as Mac minis, solely to run OpenClaw.
A community on X, formerly Twitter, for Korean users of OpenClaw has attracted more than 1,800 members who share user experiences and vulnerability mitigation tips.