When Tech Fever Precedes Managerial Judgment
A few weeks ago, employees at Tencent held mass installation parties for an artificial intelligence program. Hundreds of people, including lobster hats, celebrated the arrival of OpenClaw, the open-source autonomous agent created by Austrian programmer Peter Steinberger. This application is not a chatbot; it’s an agent: it schedules meetings, manages emails, browses the internet, organizes files, and replies to messages without users having to lift a finger. To perform all these tasks, it requires full access to the system, including passwords, API keys, and private data.
The enthusiasm was as genuine as it was disproportionate. Companies like Tencent, Alibaba, Baidu, and MiniMax launched their own versions or compatible programs, their stock prices soared, and MiniMax reached a valuation of $44 billion with a mere $79 million in revenue for 2025. Longgang district in Shenzhen even proposed subsidies of up to two million yuan for projects using agents similar to OpenClaw. In summary, the fervor ran far ahead of any risk assessment.
The Chinese government's response came swiftly, extinguishing the flames. Central authorities notified state-owned enterprises and government agencies not to install OpenClaw on office equipment, to declare existing installations, and to uninstall them if they were already operational. The People's Bank of China was more explicit: it instructed employees of state banks to uninstall the program even from their personal devices. The National Vulnerability Base of the Ministry of Industry and Information Technology published security guidelines directly targeting the agent. While there isn't an outright ban for citizens or entrepreneurs at present, the institutional message is clear.
What the Lobster Hat Doesn’t Reveal
Beneath this quaint anecdote lies an organizational mechanism that warrants dissection. OpenClaw is not dangerous because it is malicious; it is dangerous because its users—including executives from systemically important companies—granted it total permissions over their systems before understanding what it could do with them. Documented incidents so far include the deletion of the email inbox of the AI alignment lead at Meta, the exposure of sensitive information, and the emergence of fourteen malicious extensions on ClawHub last month, some specifically targeting cryptocurrency users.
This outlines a management pattern I recognize all too often. A tool arrives wrapped in a narrative of productivity, teams adopt it urgently due to latent pressure not to fall behind, and no one in the decision chain has the crucial conversation: what access are we granting, to what data, under what conditions of reversibility, and what containment protocol do we have if something goes wrong? That conversation didn't happen in Chinese state banks, nor at Tencent’s installation parties. And likely, it is not happening right now in dozens of organizations outside China that are replicating exactly the same pattern with similar tools.
Omission is often not due to technical negligence; it is usually the result of a culture where the fear of appearing slow or conservative silences critical thinking before it reaches the executive floor. The inertia of collective enthusiasm does the rest. When hundreds of people don lobster hats to celebrate an installation, the executive who raises their hand to question system permissions assumes a social cost that many are unwilling to bear.
The Arithmetic of Ceding Control to a Machine
There is a specific financial lesson that the OpenClaw case clearly exposes. Autonomous AI agents are not productivity tools in the traditional sense; they are delegation architectures: the user transfers the capacity for action, not just consultation, to a system that acts on their behalf. That delegation comes at a price rarely itemized in technology adoption presentations.
The first cost is the exposure of intangible assets. When OpenClaw manages the email of a central bank official, that agent processes, categorizes, and potentially transmits information regarding monetary policy decisions, counterparty relationships, or regulatory strategies. The most valuable data within an organization is often not in a protected database, but in the ordinary flow of communications among its executives. An agent with total permissions has access to that flow.
The second cost is that of reversibility. A chatbot that gives an incorrect answer generates an error that the user can ignore. An agent that executes actions, deletes emails, schedules meetings, or completes forms has consequences that may be irreversible or costly to undo. The asymmetry between the speed of the agent's actions and the speed of human oversight is precisely the vector of risk that the Chinese government’s guidelines are attempting to contain.
The third cost, the least visible, is the cost of silent operational dependence. When an organization delegates daily processes to an autonomous agent without documenting those processes or maintaining the capacity to perform them manually, it builds a dependency that only becomes visible when the agent fails, is compromised, or is withdrawn by regulatory order. This is precisely what is occurring now in Chinese state-owned enterprises, which must audit and uninstall implementations that have been operational for weeks.
The Pattern That Beijing Did Not Invent
It would be convenient, yet inaccurate, to present this story as a peculiarity of the Chinese government or its relationship with Western technology. The cycle described by the OpenClaw case—mass adoption driven by peer pressure, absence of risk assessment, security incidents, and delayed regulatory intervention—is the same cycle repeating in organizations worldwide with each relevant technological wave.
What Beijing is doing now is, structurally, what many boards should have done internally before their IT departments started receiving installation requests. The Chinese Academy of Information and Communications Technology plans to initiate reliability testing for agents like OpenClaw at the end of March. It’s an attempt to build standards after adoption has already occurred. The correct order would be the reverse, but that order requires someone in a position of authority to engage in the uncomfortable conversation before enthusiasm builds inertia.
MiniMax, valued at $44 billion with $79 million in revenue, illustrates the other side of the problem. That gap between valuation and earnings is sustainable only as long as the market believes that the scale of adoption will translate into monetization. If government brakes slow that adoption in the state sector—which is the largest in China—the pressure on that valuation becomes structural, not transient. The market optimism inflating the price rested on a narrative of frictionless growth. Friction has arrived.
Organizational culture is not the result of stated values or technological policies. It stems from the decisions its leaders made when no one was forcing them to do so and from all the conversations they postponed because the moment never felt right.
