On March 12, the China Academy of Information and Communications Technology (CAICT) officially launched the preparation of a series of standards for smart assistant agents (Claw) and is systematically promoting the construction of a standards system for such agents. "Intelligent Assistant Agent (Claw) Product Credibility Capability Requirements", an important part of this series, is now open to the industry, and CAICT is soliciting participating organizations and experts for it. The standard will set out requirements around the controllable quality and trustworthy behavior of Claw products, including manageable user rights, transparent execution processes, controllable behavioral risks, and trustworthy platform and tool capabilities.

Yesterday, the China Academy of Information and Communications Technology (CAICT) published a blog post pointing out that the open source AI agent tool OpenClaw has recently become extremely popular on the Internet, but that it also raises serious security challenges.

Wei Liang, deputy director of the China Academy of Information and Communications Technology, analyzed that the "Lobster" agent is currently being updated and iterated very quickly, and the latest official version has indeed fixed known vulnerabilities. But this does not mean that security risks are completely eliminated.

This tool has high-privilege capabilities such as autonomous decision-making and invoking system resources. In addition, the system's trust boundaries are blurred, the skill-package marketplace currently lacks strict security audits, and many hidden dangers lurk inside.

Wei Liang said that when the agent calls the large language model, it can easily misunderstand the content of user instructions and perform irreversible harmful operations such as deleting files.

Once users install third-party skill packages that have been implanted with malicious code, they face the risk of core data being leaked or even the entire system being taken over by attackers. Therefore, even if users upgrade to the latest version, it will still be difficult to resist external network attacks if targeted preventive measures are not taken.

Wei Liang recommended that in daily use, users should not only upgrade and update software in a timely manner, but also strictly follow the security protection principles of "minimum permissions, active defense, and continuous auditing."

In addition, once users discover security vulnerabilities in, or encounter attacks on, such agents, they can immediately report them to the Ministry of Industry and Information Technology's Cyber Security Threat and Vulnerability Information Sharing Platform. The platform will promptly organize analysis, assessment and security handling in accordance with laws and regulations.