Deconstructing Baidu's Isolation Approach in "Shrimp Farming"

Deep News 12:25

The growing popularity of "shrimp farming," which has spread from geek circles to the general public, is drawing attention to issues of data security and system control. In a previous test, Summer Yue, Director of AI Alignment and Safety at Meta's Super Intelligence Lab, deliberately set a "confirm before acting" safety instruction for OpenClaw. However, she could only watch as OpenClaw cleared her inbox containing important emails at an astonishing speed, completely unable to halt the process in time. This highlights the potential risks of OpenClaw in local deployment mode.

In response to the frequent security risks associated with "shrimp farming," the industry urgently needs a new security paradigm to help ordinary users engage in "painless shrimp farming." Baidu has officially entered this field by launching the world's first mobile lobster application, "Red Finger Operator." On March 17, "Red Finger Operator" was officially renamed Red Claw, allowing users to download, register, and directly command this "mobile lobster" to perform various tedious tasks.

Tests by All-Weather Technology reveal that Red Claw operates using the qianfan and deepseek-v3.1-250821 models, enabling it to utilize apps on the phone for tasks such as ordering meals and booking tickets. According to All-Weather Technology, Red Claw incorporates a strict "three-layer isolation system" in its architectural design:

First, there is bottom-layer physical isolation. The application runs entirely on cloud-based mobile devices, completely isolated from the data on the user's physical mobile device. The application neither accesses nor requires authorization for locally stored data.

Second, there is runtime environment isolation. Each user is assigned an exclusive cloud-based mobile device, ensuring absolute isolation between devices.

Third, there is task data isolation. Multiple layers of data encryption are employed, preventing information from crossing between tasks.

Additionally, in terms of permissions and visibility control, Red Claw emphasizes "proactive ownership" in its product design. This means every step of the AI's operations is fully visible and traceable to the user. When privacy-sensitive actions or authorization-required steps are involved, the cloud process is forcibly suspended and can only proceed after user confirmation or manual intervention.
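The suspend-until-confirmed behaviour described above can only be relied on when it is enforced by the component that executes actions, not by an instruction the model is asked to follow. The sketch below is an added example, not code from Red Claw or OpenClaw; the action names, the SENSITIVE patterns and the GatedExecutor class are assumptions made for illustration.

```python
import fnmatch
from dataclasses import dataclass, field
from typing import Callable

# Assumed policy: action-name patterns that always need a human decision.
SENSITIVE = ("mail.delete*", "payment.*", "auth.*")

@dataclass
class GatedExecutor:
    tools: dict                                # action name -> callable
    approve: Callable[[str, dict], bool]       # asks the user, outside the model
    audit: list = field(default_factory=list)  # one record per attempted step

    def run(self, plan):
        """Run model-proposed steps; suspend at the first step that is not allowed."""
        for step, (action, args) in enumerate(plan):
            if action not in self.tools:
                self.audit.append((step, action, "unknown-action"))
                return "suspended"
            sensitive = any(fnmatch.fnmatchcase(action, p) for p in SENSITIVE)
            if sensitive and not self.approve(action, args):
                self.audit.append((step, action, "denied"))
                return "suspended"
            self.tools[action](**args)
            self.audit.append((step, action, "approved" if sensitive else "auto"))
        return "completed"

def demo(user_says_yes=False):
    inbox = {1: "contract", 2: "invoice", 3: "tickets"}  # constructed sample data
    tools = {
        "mail.list": lambda: sorted(inbox),
        "mail.delete": lambda msg_id: inbox.pop(msg_id),
    }
    # Constructed plan, as an agent bent on clearing the inbox might emit it.
    plan = [("mail.list", {})] + [("mail.delete", {"msg_id": i}) for i in (1, 2, 3)]
    ex = GatedExecutor(tools, approve=lambda action, args: user_says_yes)
    status = ex.run(plan)
    return status, inbox, ex.audit

if __name__ == "__main__":
    print(demo(False))
    print(demo(True))
```

Only steps matching the sensitive patterns interrupt the user; every step, prompted or not, lands in the audit list.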

To some extent, this provides a highly secure "painless trial-and-error" environment for general users. However, moving the "lobster" to the cloud does not eliminate problems; it merely changes their form.

The most noticeable change is efficiency. Local execution relies on instant responses, whereas cloud-based mobile devices inevitably introduce additional steps such as network latency and virtual device scheduling. While this may have a manageable impact on standardized tasks like ordering meals or booking tickets, delays become more pronounced in multi-step scenarios requiring real-time feedback. Operations that were once seamless are broken into segments requiring confirmation, turning smoothness into a cost.

Increased visibility does not necessarily translate to enhanced control. The design principle of "every step being visible and traceable" reinforces a sense of security, but when tasks are broken down into numerous small operations, users are confronted with what resembles a continuously scrolling execution log. In such cases, the user's role may shift from decision-maker to passive confirmer. Visibility does not equate to understanding, and confirmation does not fully equate to true control.

Isolation also redefines the boundaries of capability. The permissions accessible to a cloud-based mobile device depend fundamentally on the platform's adaptation range, rather than the full capabilities of the user's physical device. This means that while risks are reduced, the system transitions from being a "near-omnipotent agent" to a "predefined automation tool."

Moreover, so-called physical isolation resembles a transfer of trust. Data is no longer exposed locally, but users must instead trust the security of the cloud environment itself.

Cloud operation also introduces cost considerations. Maintaining an independent cloud-based mobile device for each user, running continuously online, consumes significant computational power and resources. As the user base expands, platforms must either bear ongoing subsidy pressures or implement restrictions and tiered pricing to offset costs. This structural reality positions the approach more as an interim solution than as a universally scalable final form.

A more subtle change is the weakening of risk perception. In a local environment, errors occur directly on the user's device, providing clear and immediate feedback. Under cloud isolation, errors are "wrapped," and their impact may be delayed or partially mitigated. This "safer" experience may simultaneously reduce users' sensitivity to risk boundaries.

In the long term, the "cloud isolation method" appears to be a compromise that balances commercial adoption with risk control during the current stage of AI's immaturity. It addresses the most urgent uncertainties but introduces new trade-offs. When on-device large language models possess sufficient computational power and safety safeguards in the future, whether "cloud lobsters" can safely "swim back" to users' local devices will be a key focus in the next phase of intelligent agent technology competition.
