Politics

Agentic AI's rising influence reshapes trust and security in autonomous systems

Wednesday, 8 April 2026 6:51AM UTC

As agentic AI systems gain autonomy across business and personal tasks, industry experts highlight practical deployment challenges, security risks, and the evolving regulatory landscape at a Shanghai forum.

The rise of agentic AI is shifting the tech landscape from laboratory experiments to systems that can act autonomously across business and personal tasks. At a Shanghai forum on April 3 convened by the Xujiahui Science and Technology Innovation Center, the Shanghai Distributed Consensus Technology Association, PANews and Mankiw Law Firm, speakers outlined both the promise and the practical challenges of that transition.

Li Chenxing, chief architect at Conflux Tree Graph, argued that giving AI greater autonomy is an unavoidable direction for the field, but warned that current systems struggle to retain and apply the contextual constraints required for reliable decisions in complex, real-world environments. He described memory as the chief technical bottleneck, parameter storage, short context windows and slow or inefficient external memory access all limit continuity of experience, and urged work on stronger retrieval, continuous learning and vertical domain practice to build reusable experiential memory.

Practical deployment concerns were a recurring theme. Tencent Cloud’s Feng Heqing explained that mature enterprise agents must support end-to-end tasks, multi-role collaboration and hierarchical memory while preserving data security through local storage and manual confirmation for critical operations. He outlined an enterprise-ready architecture with execution isolation, permission control and both cloud and on-premise deployment options, noting these are necessary to adapt agents to complex corporate workflows.

Speakers with hands-on experience warned that agent systems are still engineering-heavy and resource-sensitive. Teddy, founder of Biteye and XHunt, recommended mandatory multi-stage review processes, such as higher-level agents rechecking code produced by lower-level agents, to reduce errors, and advised careful orchestration of execution via backend APIs to preserve stability and control token consumption. He also highlighted security risks including prompt injection and malicious skill modules.

OpenClaw, the open-source agent framework enjoying rapid uptake in China, was a focal point of discussion. Its plugin-like “skills” enable agents to interact with external services and automate complex workflows, but the community and vendors stress that skills are untrusted code until vetted and that poor or malicious skills can cause substantial harm. China’s fast adoption has been driven by local compute economics and policy incentives, yet regulators have restricted its use in official institutions amid data-security concerns.

The commercial dynamics around OpenClaw have exposed deeper industry tensions. Anthropic recently moved to restrict or monetise third-party agent integrations with its Claude service, citing the disproportionate compute demands of agentic usage versus conventional chat interactions. That policy shift, which includes new usage charges and transitional credits, has provoked pushback from open-source proponents and underscores a broader shift from flat-rate subscriptions toward usage-based pricing for resource-intensive AI applications.

Investors at the event urged sober reading of where durable advantage will arise. Venture capitalists emphasised that rapid model iteration reduces the shelf-life of purely algorithmic leads and recommended concentrating on hard-to-replicate assets such as computing resources, data and user-locked memory systems. Several panellists predicted the emergence of new friction points: whether AI-generated memory becomes portable or product-locked, whether single‑vendor lock-in produces concentrated failure modes, and whether a dominant “super portal” for AI interaction will take hold.

Legal and operational safeguards are already being pressed into service. Mankiw LLP partner Zhao Xuan cautioned entrepreneurs against “false isolation” from one-person corporate shells, urged rigorous documentation to establish ownership of core assets, and recommended designing around platform centralisation risks by separating critical data from third-party services and exploring decentralised options. Such precautions aim to limit single points of failure as agents assume more consequential roles, including transaction execution and strategy implementation.

Source Reference Map

Inspired by headline at: ^[1]

Sources by paragraph:

Paragraph 1: ^[2], ^[3]
Paragraph 2: ^[1]
Paragraph 3: ^[1]
Paragraph 4: ^[1]
Paragraph 5: ^[4], ^[3]
Paragraph 6: ^[2], ^[5]
Paragraph 7: ^[1], ^[3]
Paragraph 8: ^[1]

Source: Noah Wire Services

More on this

https://www.panewslab.com/en/articles/019d6b8e-9b3c-754e-bc92-ba45a3d6e16f - Please view link - unable to able to access data
https://www.axios.com/2026/04/06/anthropic-openclaw-subscription-openai - Anthropic, the AI company behind Claude, has recently restricted the use of its subscriptions with third-party agent tools like OpenClaw. This decision underscores the growing tension between AI companies and power users who seek persistent, powerful agent tools, while AI labs aim to manage computational costs and control how their models are utilised. The move reflects broader industry challenges, such as limited compute resources and the high cost of maintaining agentic AI systems compared to simpler chatbots. This change has sparked backlash from the open-source community and highlights the dilemma in the AI space—balancing efficiency and cost control against growth and user flexibility. ([axios.com](https://www.axios.com/2026/04/06/anthropic-openclaw-subscription-openai?utm_source=openai))
https://www.techradar.com/pro/why-is-openclaw-so-popular-in-china - OpenClaw, an open-source AI agent framework developed by Austrian Peter Steinberger, has seen exceptional popularity in China since its release in late 2025. Unlike in the U.S. or EU, where adoption has been cautious, China's uptake has been accelerated by government coordination, lower operating costs, and job market anxieties. OpenClaw connects with various large language models (LLMs) to automate tasks like research, email drafting, and scheduling, effectively acting as a digital assistant. Chinese cities such as Shenzhen and Wuxi have offered computing credits and subsidies to incentivise OpenClaw projects, with events run by tech giants like Tencent and Baidu. Lower LLM operation costs—thanks to domestic AI models—make it more accessible in China than in the West, where API usage from companies like OpenAI is more expensive. Additionally, high youth unemployment and AI-related job fears have fuelled the idea of 'one-person companies,' where individuals use AI to run entire businesses solo. However, security concerns remain. China's central government has prohibited OpenClaw use in official institutions, citing risks such as data leaks and prompt injection attacks. While grassroots enthusiasm is strong, adoption is heavily shaped by state-driven strategies and ongoing cybersecurity scrutiny. ([techradar.com](https://www.techradar.com/pro/why-is-openclaw-so-popular-in-china?utm_source=openai))
https://www.techradar.com/pro/what-are-openclaw-skills-a-detailed-guide - OpenClaw Skills are modular extensions that enable the OpenClaw agent to interact with specific tools or services. Each skill is housed in its own folder and includes a SKILL.md file—a human-readable document with a name, description, and instructions for use. These skills allow the AI agent to go beyond basic chat functions, managing tasks such as email triage, web searches, and automation workflows. Skills can be bundled with OpenClaw, installed globally, or scoped to specific workspaces. The official marketplace, ClawHub, offers over 5,400 community-contributed skills. Users can also create custom skills for tailored workflows. Skills only load if system requirements and dependencies, noted in SKILL.md, are met. The platform supports agent role separation and customised automation workflows by routing tasks based on skills. Unlike Anthropic Claude's account-based instruction sets, OpenClaw Skills are more like plugins—run locally, control external tool access, and rely on models like Claude or GPT-4o for reasoning. Security is a key concern, as poorly written or malicious skills can execute harmful actions. Users are advised to treat all third-party skills as untrusted code, check their VirusTotal reports, and prefer sandboxed runs. Caution is essential, particularly due to the immature state of the skills marketplace. ([techradar.com](https://www.techradar.com/pro/what-are-openclaw-skills-a-detailed-guide?utm_source=openai))
https://www.techradar.com/pro/bad-news-claude-users-anthropic-says-youll-need-to-pay-to-use-openclaw-now - As of April 4, 2026, Anthropic has removed access to third-party tools such as OpenClaw from its standard Claude subscription, requiring users to pay separately to continue using these services. This change affects users relying on Claude for agentic workflows, as Anthropic states that such tools consume significantly more computing resources than typical human chat usage, placing strain on their infrastructure. To ease the transition, the company is offering a one-time usage credit equal to the monthly subscription fee and up to 30% discounts on usage bundles, valid until April 17. Subscription refunds are also being considered due to the change in terms. OpenClaw, an open-source AI agent capable of executing complex actions and integrating with messaging apps, is no longer included in Claude's subscription limits. Peter Steinberger, OpenClaw’s creator, criticised Anthropic for incorporating features into its closed system while excluding open-source tools. The move reflects a broader trend in the AI industry, shifting from flat-rate subscription models to usage-based pricing as more resource-intensive AI tools gain popularity. ([techradar.com](https://www.techradar.com/pro/bad-news-claude-users-anthropic-says-youll-need-to-pay-to-use-openclaw-now?utm_source=openai))
https://en.wikipedia.org/wiki/OpenClaw - OpenClaw (formerly Clawdbot, Moltbot, and Molty) is a free and open-source autonomous artificial intelligence agent that can execute tasks via large language models (LLMs), using messaging platforms as its main user interface. Developed by Austrian programmer Peter Steinberger, OpenClaw was first published in November 2025 under the name Clawdbot. The software was derived from Clawd (now Molty), an AI-based virtual assistant that he had developed, which itself was named after Anthropic's chatbot Claude. Within two months it was renamed twice: first to 'Moltbot' (keeping with a lobster theme) on January 27, 2026, following trademark complaints by Anthropic, and then three days later to 'OpenClaw' because Steinberger found that the name Moltbot 'never quite rolled off the tongue.' At the same time as the first rebranding, entrepreneur Matt Schlicht launched Moltbook—a social networking service which was intended to be used by AI agents such as OpenClaw. The viral popularity of Moltbook coincided with an increase in interest in the project, with the open-source project having 247,000 stars and 47,700 forks on GitHub as of March 2, 2026. ([en.wikipedia.org](https://en.wikipedia.org/wiki/OpenClaw?utm_source=openai))

Noah Fact Check Pro

The draft above was created using the information available at the time the story first emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation.

Freshness check

Score: 7

Notes: The article references events from April 3, 2026, and includes information about Anthropic's policy change on April 4, 2026. However, the article was published on April 8, 2026, which is a delay of 5 days. This delay may affect the freshness of the information presented.

Quotes check

Score: 6

Notes: The article includes direct quotes attributed to individuals such as Li Chenxing, Feng Heqing, and Zhao Xuan. However, these quotes cannot be independently verified through the provided sources, raising concerns about their authenticity.

Source reliability

Score: 5

Notes: The article cites sources like PANews, TechRadar, Axios, and ClawManager. While some of these sources are reputable, others are less well-known, which may affect the overall reliability of the information presented.

Plausibility check

Score: 7

Notes: The claims made in the article align with known developments in the AI industry, such as Anthropic's policy change regarding third-party tools. However, the lack of independently verifiable quotes and the delay in publication raise questions about the overall credibility of the information.

Overall assessment

Verdict (FAIL, OPEN, PASS): FAIL

Confidence (LOW, MEDIUM, HIGH): MEDIUM

Summary: The article presents information on recent developments in agentic AI and related policy changes. However, the delay in publication, unverified quotes, reliance on less reputable sources, and potential lack of independent verification raise significant concerns about the credibility and accuracy of the content. These issues necessitate further verification before publication.

AI
Agentic AI
Technology Disruption