Exclusive | ByteDance internally releases "Lobster" security regulations: employees are strictly prohibited from installing and using OpenClaw-class tools in core production environments

Date: 18/03/2026

It is reported that the ByteDance security team recently released the "OpenClaw Security Specification and Usage Guidelines" internally and simultaneously launched ByteClaw for ByteDance employees. The "Security Specification" points out five common risks of OpenClaw: improper access control settings, prompt injection, theft of sensitive information, supply chain vulnerabilities, and malicious plugin poisoning. It proposes corresponding security requirements and configuration guidelines. The ByteDance security team recommends that employees prioritize compliant tools with security baseline configurations, such as ByteClaw, which can be centrally managed on cloud platforms for continuous prevention of various security risks. The "Security Specification" also emphasizes that employees are strictly prohibited from installing and using OpenClaw-like tools in core production environments such as business servers, to avoid occupying business resources or causing security incidents. Installing such tools on office computers is not recommended; employees with a legitimate work need must strictly follow the security configuration guidelines and complete the compliance settings before use.