"Lobster" security issues highlighted, Realtime Connect hits over 1.5 billion in sealed orders and hits the second consecutive limit-up

On the morning of March 11, some information security concept stocks were active. Risconda (603803.SH) surged to the daily limit with over 1.5 billion yuan in buy orders at the open, marking its second consecutive limit-up. Sino-i (002467.SZ), 360 Security (601360.SH), FiberHome Technologies (600498.SH), TianRongXin (002212.SZ), TongDing Internet (002491.SZ), Wangsu Science & Technology (300017.SZ), and others followed the rally.

In news, on March 10, the National Internet Emergency Center issued a risk alert regarding the OpenClaw security application. Recently, OpenClaw (also known as “Little Lobster,” formerly Clawdbot, Moltbot) has seen explosive downloads and usage, with mainstream domestic cloud platforms offering one-click deployment services. This intelligent agent software directly controls computers based on natural language commands. To enable “autonomous task execution,” the app is granted high system permissions, including access to local file systems, environment variables, external service APIs, and installation of extensions. However, due to its default security configuration being extremely fragile, attackers can easily gain full control of the system once a breach point is found.

Earlier in February, the National Vulnerability Database (NVDB) monitored that some instances of the open-source AI agent OpenClaw posed high security risks under default or improper configurations, which could lead to cyberattacks and information leaks. Because OpenClaw’s deployment involves “blurred trust boundaries” and it has features like continuous operation, autonomous decision-making, and system/external resource calls, lacking effective permission controls, audit mechanisms, and security hardening could result in privilege escalation, information leakage, and system takeover through command manipulation, configuration flaws, or malicious hijacking. It is recommended that relevant organizations and users thoroughly check exposure to public networks, permission settings, and credential management when deploying and using OpenClaw, disable unnecessary public access, improve security measures such as authentication, access control, data encryption, and security auditing, and stay updated with official security notices and hardening suggestions to prevent potential cybersecurity risks.

On March 10, UCloud (688158.SH) announced that its lightweight cloud hosting products based on the OpenClaw image have not yet formed a scaled product system. The progress of technological iteration and commercialization may fall short of expectations. OpenClaw and other autonomous AI agent frameworks are still in early development stages, with uncertain future market potential, technological stability, and data security. Several cloud service providers have launched similar products, leading to intense market competition. The contribution of these products to the company’s future performance is highly uncertain.

Wanguo Securities believes that the recent popularity of OpenClaw reflects market interest and demand for “proactive automation” agents. As agent performance improves, computing power demand will also remain high. With the deployment of AI applications, data privacy and security protections need to be enhanced, and the AI governance industry is expected to accelerate development. This week, we suggest focusing on the accelerated deployment of intelligent agents, which will further increase token usage, drive demand for computing power and electricity, and promote ongoing AI governance. From a medium- to long-term perspective, continue to focus on the AI industry and data industry as the main investment themes.