Byte internally releases "Lobster" related safety guidelines, launching ByteClaw for employees

March 18 afternoon, it was reported that ByteDance’s security team recently released internally the “OpenClaw Security Specifications and Usage Guidelines,” and simultaneously launched ByteClaw for ByteDance employees. The service is built on Volcano Engine ArkClaw Enterprise Edition, and within the company’s account system it can provide unified identity authentication, access control, and permission management, supporting employees in securely calling internal company resources. The “Security Specifications” states that OpenClaw has five common risk categories: improper access control configuration, prompt injection, theft of sensitive information, supply chain vulnerabilities, and malicious plugin poisoning, and it respectively puts forward security requirements and configuration guides for each. The ByteDance security team recommends that employees first use compliance tools such as ByteClaw that complete secure baseline configuration; these can be uniformly hosted on a cloud platform for operations and maintenance, continuously preventing all kinds of security risks. The “Security Specifications” also emphasizes that employees are strictly prohibited from installing and using OpenClaw-type tools in core production environments such as business servers, to avoid crowding out business resources or causing security incidents; it also does not recommend installing related tools locally on office computers—if employees indeed have a work need, they must strictly follow the security configuration guidelines, complete compliant setup, and then use them. (Sina Technology)