On a Friday afternoon in early March, nearly a thousand people queued outside Tencent’s headquarters in Shenzhen to get a piece of software installed on their laptops. This wasn’t a product launch. There was no ticket, no merchandise, no celebrity. Engineers from Tencent’s cloud unit were simply helping people – students, retirees, office workers, and at least one retired aviation engineer – deploy an open-source AI agent. The queue stretched across the north plaza. Some attendees had flown in from Hangzhou the night before. Others were squeezing it into a lunch break. The software they had come for was called OpenClaw, and understanding potential AI risks in China market entry has not been the same conversation since.
The tool was built by an Austrian programmer named Peter Steinberger & released in late 2025. It gained 9,000 GitHub stars on its first day, surpassed 100,000 within a week, and has since become the fastest-growing open-source project in GitHub history, overtaking both Linux and React. It has a red lobster as its logo.
In China, installing and running it quickly earned a nickname that spread from developer forums to state media to street-level slang: 养龙虾, yǎng lóngxiā, meaning “raising the lobster.” In March 2026, on the sidelines of Nvidia’s GTC conference in California, CEO Jensen Huang described it as “the most successful open-source project in the history of humanity” and “definitely the next ChatGPT.” Steinberger himself has since joined OpenAI. The Austrian angle, as we will come to, carries an irony that European brands will not find entirely comfortable.
If you sell consumer goods into Asian markets, or are planning to, you might be wondering what any of this has to do with you. The answer is: rather more than you might expect.
Table of Contents
What OpenClaw Actually Does (and Why That Matters)
OpenClaw is not a chatbot. This distinction is important and worth spending a moment on, because the gap between “chatbot” and “autonomous agent” is where all the interesting and consequential things happen, and you might not really understand the difference yet.
A chatbot responds to prompts. You ask it something, it answers, and then it waits. OpenClaw does considerably more than that. It reads files, browses the web, executes commands, manages calendars, sends emails, and runs tasks continuously in the background without being asked again. The phrase used in its product documentation is that it “actually does things,” which is either reassuring or seriously alarming depending on what data it has access to at the time & your perspective on controlling your own data.
The “raising” metaphor is more apt than it might appear. Users describe running an OpenClaw agent as requiring ongoing attention: so you feed it tokens (the computational currency that powers its activity), train it with new skills, and monitor its performance. It behaves less like a search engine and more like a junior colleague you have given the keys to your inbox, your calendar, your file system, and your laptop. A junior colleague who never sleeps, never asks for clarification, and will follow instructions embedded in a WhatsApp message if someone clever enough has put them there. But I’ll come back to that shortly.
Why China Moved First, and Why It Moved This Fast
The OpenClaw phenomenon is not simply a reflection of Chinese enthusiasm for new technology, though that enthusiasm is genuine and structurally embedded in how the market operates. The deeper explanation lies in a specific bottleneck that has frustrated enterprise AI adoption in China for years.
Chinese large enterprises average more than 150 independent IT systems, according to TMTPost’s analysis of the market. Roughly 60% of these are legacy platforms with no API documentation, no maintenance contracts, and no open interfaces. In Western markets, deploying an AI agent typically means mapping APIs, restructuring permissions, coordinating between vendors, and rebuilding data pipelines. OpenClaw bypasses this entirely. Because it operates at screen level through visual recognition, identifying buttons, text fields, and input boxes, then simulating mouse clicks and keyboard inputs, it does not need API access. It simply watches the screen and acts. For enterprises trapped behind closed legacy systems, a slow workaround that takes three minutes to complete a task beats no workaround at all.
The economics accelerated adoption further. Chinese domestic AI models from providers like Kimi, MiniMax, DeepSeek, and Zhipu run at 60 to 80% lower cost than Western alternatives. OpenClaw is computationally hungry: a single active session can exceed 200,000 tokens, and a power user can consume 50 million tokens in a day. This makes it what one analysis from 36Kr memorably called a “token black hole.” For Chinese cloud providers, this was not a problem to be managed. They saw it far more as a business model to be accelerated. Tencent Cloud, Alibaba Cloud, ByteDance’s Volcano Engine, JD Cloud, and Baidu all launched one-click OpenClaw deployment within weeks of the project going viral. The installation is free. The cloud server rental, bandwidth, and API calls are not. Chinese AI stocks reflected the scale of the opportunity this week (18th March 2026): following Jensen Huang’s GTC comments, MiniMax surged 29% and Zhipu climbed 23% in Hong Kong trading.
Local governments joined in with the kind of speed that tends to concentrate European minds. Shenzhen’s Longgang district proposed subsidies of up to 10 million yuan for what is being called the “super individual” business model, where a single founder augmented by AI agents operates what would previously have required an entire team. Wuxi offered between one and five million yuan for innovative industrial applications. Hefei followed with similar measures. This is deliberate, state-adjacent infrastructure investment for an agent-native economy that we’re seeing here.
The South China Morning Post reported a Shenzhen-based product manager at a major finance group saying her company adopted OpenClaw and managers immediately threatened staff with replacement if they did not use AI.
Among OpenClaw users globally, the three most-used language models over the past month are all Chinese, and the broader ecosystem developing around OpenClaw in China shows how quickly foreign technologies can be localised, adapted, and commercialised. OpenClaw is not a foreign tool that China adopted. It is a foreign tool that China has already made its own, faster than anyone expected. That distinction matters for any brands who assume they understand how Chinese markets absorb new technology.
The cultural dimension is worth noting too. Chinese official media, explaining why no equivalent OpenClaw craze emerged in the West, pointed to strict data privacy regulations and higher computing costs, framing cheap APIs as a comparative advantage unique to China. This framing is revealing. The absence of strong data privacy regulation is being positioned as a feature of the market rather than a gap to be filled. European brands entering China need to understand that they are operating in a market that has consciously chosen a different trade-off between utility and privacy, and that this choice is structural, not accidental.
Now add Alibaba’s move this week. The company launched Wukong, an enterprise AI agent platform built on its Qwen model and designed to manage multiple agents across business workflows simultaneously. Planned integrations include Taobao, Tmall, Alipay, and DingTalk, which already serves more than 26 million corporate users. Tencent’s QClaw, its own OpenClaw-derived agent, integrates directly with WeChat. The pattern is clear: China’s tech giants are not merely adopting OpenClaw. They are racing to embed agentic AI into the infrastructure through which your products are discovered, ordered, and paid for.
In plain English:
In plain terms, this means that the apps and platforms your Chinese consumers already use every day to shop, pay, and communicate are being quietly rewired so that an AI assistant can operate them on the consumer’s behalf. Instead of a person opening Taobao, searching for your product, and deciding to buy it, an AI agent may soon be doing that entire sequence automatically, based on instructions the consumer set once and then forgot about.
Potential AI Risks in China Market Entry: The Conversation Your Supply Chain Is Not Having
Here is where the Austrian connection becomes quietly ironic. Peter Steinberger, who built OpenClaw from Vienna before joining OpenAI, has inadvertently created the most significant AI risk in China market entry exposure currently facing European brands with Asian operations, and most of them have no idea it exists.
The obvious risk is the tool’s own vulnerabilities, which are well-documented and genuinely serious. Kaspersky’s analysis identified documented high-severity flaws, including one (CVE-2026-25253) that allows attackers to steal authentication credentials and take administrative control of the affected system. Researchers at Shandong University found that OpenClaw’s native architecture successfully blocks sandbox escape attacks, where the agent is tricked into accessing areas of a computer it should not be able to reach, only 17% of the time. Put differently, it fails to stop them 83% of the time.
Trend Micro’s security team identified what they called the “Lethal Trifecta” of access, untrusted input, and exfiltration, to which they added a fourth element unique to agents: persistence. Unlike a chatbot, OpenClaw remembers every interaction, which means a malicious instruction planted in the system today might not trigger its effects until weeks later. Their “Good Morning” attack demonstration showed that a single WhatsApp message containing hidden instructions could direct the agent to locate, compress, and send sensitive files to an outside party, without the user seeing anything unusual.
The Moltbook incident, where a security failure in the OpenClaw-adjacent social platform exposed 1.5 million API tokens, shows how quickly these vulnerabilities move from theoretical to damaging. Nvidia’s response is instructive: rather than simply endorse the tool, they built NemoClaw specifically to add enterprise-grade safety guardrails to OpenClaw deployments. When the world’s leading AI chip company feels the need to build a safer version of a tool that has been publicly available for less than four months, that tells you something useful about the state of the original.
OpenClaw’s design has drawn scrutiny from cybersecurity researchers and technology journalists due to the broad permissions it requires to function effectively. Because the software can access email accounts, calendars, messaging platforms, and other sensitive services, misconfigured or exposed instances present security and privacy risks. The agent is also susceptible to prompt injection attacks, in which harmful instructions are embedded in the data with the intent of getting the LLM to interpret them as legitimate user instructions.
Wikipedia
Cisco’s AI security research team tested a third-party OpenClaw skill and found it performed data exfiltration and prompt injection without user awareness, noting that the skill repository lacked adequate vetting to prevent malicious submissions. One of OpenClaw’s own maintainers, known as Shadow, warned on Discord that “if you can’t understand how to run a command line, this is far too dangerous of a project for you to use safely.”
In March 2026, Chinese authorities restricted state-run enterprises and government agencies from running OpenClaw AI apps on office computers in order to defuse potential security risks.
All of this is concerning, but it is arguably the secondary risk for European consumer goods brands. The primary risk is different, less visible, and harder to address through your own security protocols, because it does not involve your systems at all.
If your Chinese distributor is running an OpenClaw agent (and given the pace of adoption the probability is rising) that agent may be autonomously accessing, processing, and transmitting commercial data you have shared with them. Pricing files. Sales forecasts. Product launch briefs. Distribution agreements. The kind of documents that routinely change hands in a normal importer-distributor relationship, shared in good faith over email or WeChat, and now potentially being read, summarised, forwarded, or acted upon by an AI agent running in the background on your partner’s laptop. Your partner may not have configured it to handle your documents. They may not even be aware it is doing so making it exponentially harder for you to evaluate your potential AI risks in China.
This is not a hypothetical. It is a direct consequence of how OpenClaw works. China’s National Internet Finance Association, NIFA, issued a formal risk alert in March 2026 specifically warning that OpenClaw poses serious challenges due to its high default system permissions and weak security configurations, and this was directed at Chinese domestic users, not foreign business partners. China’s Ministry of Industry and Information Technology issued a separate advisory after more than 40,000 exposed OpenClaw instances were found globally.
For European brands, the GDPR dimension of this scenario deserves careful thought. If personal data, even something as straightforward as a consumer contact list shared with a distributor, passes through an OpenClaw agent sitting on an inadequately secured server, the question of who bears responsibility under GDPR does not have a comfortable answer. The fact that it happened on your partner’s device, in another country, using a tool you did not choose, is unlikely to constitute a complete defence.
European data protection authorities have demonstrated a consistent appetite for pursuing accountability across supply chains, and “we did not know our distributor was using it” is not the kind of answer that tends to close an investigation quickly.
It is also worth being clear about what China’s own data protection law does and does not do. The Personal Information Protection Law, PIPL, came into force in 2021 and is closely modelled on GDPR in its structure and requirements for commercial data handling. It imposes genuine obligations on Chinese companies around consent, data breach notification, and cross-border data transfers, with fines of up to 5% of annual revenue for non-compliance. In some respects it is stricter than GDPR. What it does not do, and was never designed to do, is protect individuals or their business partners against data access by the Chinese state. The law’s broad exception for circumstances “provided in laws and administrative regulations” ensures that state access remains available when authorities choose to exercise it.
For European brands sharing commercially sensitive data with Chinese partners, this distinction matters considerably. Your distributor may be fully PIPL-compliant and still be operating in an environment where the state can access data that GDPR would treat as protected.
Beyond China: What the Rest of the Region Tells You
The OpenClaw phenomenon, while most concentrated in China, is not confined to it, and the responses across the region tell you something useful about how different markets are managing the arrival of agentic AI.
South Korea presents an interesting contrast. Consumer enthusiasm for AI tools is high, and a vibrant OpenClaw user community exists on social media. At the corporate level, however, the security response has been swift and categorical. Kakao, Naver, and Karrot Market have all banned the tool on corporate networks, moving to restrict adoption before it could create the kind of legacy exposure now proving difficult to manage in China. Your partner’s IT governance in Korea is likely to be considerably more formal than you might encounter elsewhere in the region, which is worth factoring into how you structure data sharing from the outset.
In Southeast Asia, the picture varies considerably by market. Singapore and Hong Kong have been shaped by data sovereignty concerns and privacy frameworks modelled partially on European principles, which means the appetite for local, on-premise AI solutions is high and the resistance to unrestricted cloud-based agents is real. For brands entering these markets, data-responsible positioning resonates with local regulatory culture in a way that it simply does not in markets with fewer constraints. That’s actually a deliberate positioning opportunity worth thinking about.
Vietnam, Thailand, and Indonesia are earlier in the adoption curve but moving quickly. The Chinese playbook of cheap local models, cloud infrastructure deployment, and government enthusiasm for the super individual model is entirely replicable across the region. Brands with distribution relationships in these markets should not assume the OpenClaw conversation is irrelevant simply because adoption is less visible today. It was less visible in China in January too.
What This Actually Means if You Are Selling Into Asia
The strategic implications operate at several levels, depending on where you are in your Asian expansion journey.
If you are already in market with a Chinese distributor or retail partner, the most immediate practical step is to audit what commercial data you are currently sharing with them and in what format. Documents shared over WeChat, which covers almost everything given how business operates in China, are particularly exposed now that Tencent has integrated QClaw directly within WeChat as a mini-program, allowing users to transfer files and issue commands via audio messages and images. Your pricing sheet sent over WeChat is now potentially a document in an agent’s active file environment. That is not a theoretical concern. It is a description of how the platform currently functions.
Tencent is reportedly also building a WeChat AI agent for its 1.4 billion users that would handle tasks like booking taxis and ordering groceries from within the WeChat mini-program ecosystem. This is even more significant than the QClaw detail above, because it means the agent layer is heading directly into the consumer purchasing journey at mass scale.
If you are planning market entry, this is the moment to build data governance into your distributor agreements rather than retrofitting it after the fact. Define explicitly what categories of commercial data can (& cannot!) be processed by automated systems. Require notification if AI agents are deployed in roles that involve your shared information. Consider whether your standard NDA and confidentiality clauses are adequate for an environment where autonomous agents, not humans, may be the ones handling your documents. Most existing agreements were not written with this scenario in mind, because the scenario did not exist eighteen months ago. You are not being asked to predict the future. You are being asked to acknowledge that it has already arrived & to build the guard rails into your existing structures and processes.
The Alibaba Wukong development deserves particular attention from brands selling through Tmall or Taobao. If Alibaba embeds agentic AI into its e-commerce platforms, and this week’s announcement makes clear that is the direction of travel, the question of how AI agents interact with product listings, price comparisons, promotional mechanics, and purchase decisions becomes urgently relevant for your brand strategy. The same logic applies to Alipay integration: if payment and purchasing decisions begin to flow through an agent layer rather than direct consumer interaction, the assumptions that underpin most brand activation and in-platform marketing will need revisiting sooner than most brands are planning for.
If you are watching from a distance and wondering whether this is relevant to you, consider this. The OpenClaw phenomenon is the most visible indicator yet of a structural shift in how Asian markets, led by China, are building their digital economies. The battle for the “app entrance” that dominated the last decade, the competition to be the platform through which consumers discover and buy products, is giving way to something more fundamental. The competition now is to become the underlying agent layer that mediates between consumers and everything else. For brands, this raises a question that has no comfortable answer yet: if an AI agent is making or mediating purchasing decisions on behalf of a consumer, booking, ordering, reordering, comparing, what does brand awareness, packaging appeal, or flavour preference actually mean in that transaction?
The pace of change in Asian markets has always been the thing that surprises European brands most when they arrive. An Austrian programmer released an open-source tool in late 2025. By March 2026, a thousand people were queuing in Shenzhen to install it, Jensen Huang was calling it the most important software project in human history, Alibaba was embedding it into Taobao and Alipay, local governments were writing subsidy policies around it, and security agencies across the region were issuing formal warnings about it. The entire arc, from release to mass adoption to regulatory response to corporate integration to a Jensen Huang endorsement, took less than four months.
If your Asia market strategy still operates on an annual planning cycle, that is worth sitting with for a moment.
OpenClaw will be just the first of these truly accessible agentic tools, and the fast adoption of anything representing convenience means that your potential AI risks in China are the testing ground for this new era. China may be where mass implementation begins, but this is for sure just the start of a new way of working, bring both massive potential (if one person can do the work of a whole team) but also substantial compliance risks.
Thinking that working with a consultant would accelerate your international expansion?
If you’d like to learn more about working with me for support on your internationalisation projects or personal export knowledge, you can book a 30 minute international clarity call here.
If you haven’t already signed up for my free e-book about how to select which international market to enter next, you can do so here, or using the form below.
If you enjoyed this content please share it on social media or recommend it to your network.
Pin this post for later!
Kathryn firmly believes that business is done between people, and therefore places her focus on building strong relationships that form a solid foundation for doing business.
When she's not travelling around the world, Kathryn enjoys playing clarinet in her town's wind orchestra or sharing her love of the outdoors with her Scout group.
