Dialogue with Zhang Xiantao from Alibaba Cloud: Why Open Claw is a foundational project for AGI

Wallstreetcn
2026.03.16 09:36
portai
I'm PortAI, I can summarize articles.

A foundation comparable to Linux

Author | Zhou Zhiyu

Open Claw surpassed the thirty-year accumulation of stars on Linux in just three weeks on GitHub.

Around the Spring Festival, almost all major companies—Alibaba, Tencent, Baidu, ByteDance—launched their own intelligent agent products based on this open-source project or inspired by it. "Happy Shrimp Farming" has transformed from a trend in the geek circle into a nationwide movement.

However, the speed at which major companies and users flooded into the field far outpaced the maturity of the products. Lobster-related products are generally in the very early stages, with inconsistent stability in task completion, and the threshold for permission configuration deters ordinary users. Security issues remain unresolved—this feels more like a collective FOMO rather than a turning point for productization.

As one of the most active entrants, the day after Alibaba Cloud's intelligent agent product JVS Claw officially launched on March 13, Zhang Xiantao, president of Alibaba Cloud's Intelligent Computing Division and head of JVS Claw, pointed out in a conversation with Wall Street Journal and others that Open Claw is not a passing trend; it is a foundational project towards AGI.

Zhang Xiantao has worked on the Linux kernel for over twenty years, and he places Open Claw within the narrative framework of "thirty years of Linux"—this judgment is bold enough, and the underlying industrial issues are worth serious dissection.

Not a Passing Trend

In Zhang Xiantao's view, the reason Open Claw can ignite the entire industry lies in its architectural design, which solves a problem that no one had previously addressed well: what should an AI Agent look like.

Last year was the inaugural year for Agents, and everyone was exploring. Last year, Alibaba Cloud released an Agent Infra (intelligent agent base) product, followed by AWS and Google also launching intelligent agent base products. However, there was no unified understanding of Agents.

After the emergence of Open Claw, consensus quickly formed—it has a model-centric architecture, does not impose restrictions on models, does not bind channels, and is completely open to skills, allowing any major company to contribute without worrying about being locked out by competitors.

More critically, Open Claw was initiated by individual developer Peter, rather than being led by any major company. This gives it a natural neutrality—this is a prerequisite for forming industrial consensus. Zhang Xiantao revealed that he made a judgment after reading the code the day after the project exploded in popularity: This is infrastructure-level stuff, not just an application.

Zhang Xiantao emphasized that Open Claw is a "foundational project" rather than a "unique project."

Just as the prosperity of Linux relies not only on the kernel but also on system software, middleware, and toolchains, Zhang Xiantao believes that a large number of open-source projects will inevitably emerge around Open Claw, and only when combined can they form a systemic ecosystem for AGI. The reason Open Claw has this potential lies in its openness.

He compared Windows and Linux: the evolution pace of a closed system will never match that of an open system. "We firmly support open source," he said, "the more vibrant approach is definitely the one we are currently pursuing." But the distance between consensus and maturity is much greater than what the number of stars on GitHub suggests.

Currently, the Claw products from various companies are not mature. In programming scenarios, Codex and Cursor are actually more stable than lobster-type products—the former's permission configuration and environment setup thresholds have dampened the promises made to the public.

Zhang Xiantao's judgment is, "It will be better to use in three months, and very good to use in six months."

Right now, there is still a massive amount of security reinforcement, product refinement, and ecosystem construction to be done between the core and the deliverable product. The current situation of Open Claw with hundreds of commits daily and an imperfect code review mechanism means that this core itself is still undergoing significant changes.

Structural Contradictions

Product maturity is a problem that time can solve, but security and permissions are inherent contradictions of the lobster paradigm.

Zhang Xiantao spent a long time discussing security. The security status of the original Open Claw, in his own words, is: "Don't even talk about hackers; anyone with a little computer knowledge can take the Key."

JVS Claw has implemented four layers of reinforcement—self-developed IM communication layer, Wuying cloud computer security gateway, API Key rotation every five minutes, and overall architecture reconstruction. In terms of technical solutions, this may be the heaviest security investment in the industry right now.

But technical solutions can only solve half of the security problem. The other half lies in permissions.

Currently, the permission status of the lobster can be described as "wild." Zhang Xiantao did not deny this; he believes it needs to be balanced, a balance between efficiency and security.

He drew an analogy with AI coding: a year ago, major companies prohibited employees from using Cursor, but now it is basically open. However, AI coding operates on code repositories, which have corporate security teams backing them; the lobster operates on personal emails, calendars, and social accounts, with the last line of defense being the user's own judgment.

The example Zhang Xiantao provided illustrates this point perfectly.

He had the lobster search for his public information, and the lobster automatically found his email and sent an email—he was "amazed" by this. But the flip side of this capability is: if the Agent can infer your contact information from public information and initiate communication proactively, it can also be maliciously exploited.

The boundaries of capability and security sometimes lie on the same line.

This is not a problem that can be resolved simply by one vendor implementing security reinforcements. For an Agent to be useful, it must have permissions, and with permissions comes risk—this is the contradiction inherent in the paradigm itself.

Zhang Xiantao's solution is "minimum necessary authorization" combined with permission management of the underlying SaaS system, but he also admits: "Before you let it work for you, you still need to put some thought into permission configuration."

For novice users attracted by "happy shrimp farming," putting effort into configuring permissions has already exceeded the normal expectations for consumer-grade products. As the lobster transitions from a geek toy to a public tool, security issues are also changing in tandem—no longer a game of offense and defense in the tech community, but a public issue involving the digital assets of a large number of ordinary people Zhang Xiantao's "architecture isolation" solution for lobster in the cloud computer relies on the capabilities of the cloud platform—while addressing security issues, it also objectively turns "security" into a service that needs to depend on large companies.

Pond Battle

Zhang Xiantao claims that Alibaba Cloud "firmly supports open source," but he has also independently developed IM, using cloud computers as the execution environment, with data and skills all consolidated on his own cloud. The open source is the kernel, while the user's assets are in a closed loop. The lobster "understands you more the more you use it," which means the migration cost is getting higher.

This is not a choice made solely by Alibaba Cloud. Tencent's lobster product will inevitably grow within the Tencent ecosystem, ByteDance connects Doubao and Feishu, and Baidu will also bind Wenxin and Wangpan.

The technical routes vary, but the underlying logic is the same: whoever owns the execution environment of the Agent will own the next generation of user relationships.

All major companies are rushing to develop their own lobster, and on the surface, they are competing on products, but in reality, they are fighting for the "operating system" position in the Agent era. Zhang Xiantao's own analogy has revealed this point—he repeatedly emphasizes not the model capability, but the execution environment, communication layer, and security architecture. He does not see lobster as an APP; he sees it as an operating system.

The subtext of each major company eagerly launching its own Open Claw is: we want to be the next generation of computing entry point.

Ten years ago, the competition was for cloud servers, five years ago it was for mini-program ecosystems, and now the competition is about what kind of foundation AI assistants should grow on. The forms are changing, but the logic remains the same.

This is reminiscent of the Android story. Google open-sourced the system, and each of Samsung, Huawei, and Xiaomi built walled gardens on top of it. Ten years later, openness indeed fostered prosperity, but the fruits were not evenly distributed.

The lobster craze is likely to replay a similar script: the openness of Open Claw will give rise to a large ecosystem, but the dividends will ultimately concentrate in the hands of a few players who have built good ponds.

Alibaba Cloud's advantage lies in the accumulation of cloud infrastructure and security capabilities, but the mindset of C-end users is also an unavoidable shortcoming.

When ordinary people open their phones, the first entry point they think of is more likely to be WeChat, Douyin, or Alipay, rather than Alibaba Cloud. Tencent has a social relationship chain, ByteDance has content distribution, Baidu has a search entry point, and each company has its own pipeline to users. Alibaba Cloud holds the cards of cloud and security, but in a war for personal super assistants, whether this hand is strong enough still needs to be validated.

Zhang Xiantao says JVS Claw is Alibaba Cloud's "only," but being unique does not equal winning.

Half a year is a product cycle, but for a war at the entry level, half a year could be a life-or-death line. The lobster craze is not a passing wind, but it is also not a free ticket

Source: Wallstreetcn The copyright of this article belongs to the original author/organization.
The views expressed herein are solely those of the author and do not reflect the stance of the platform. The content is intended for investment reference purposes only and shall not be considered as investment advice. Please contact us if you have any questions or suggestions regarding the content services provided by the platform.