Alibaba is launching an AI agent for enterprise customers this week, built on its open-source Qwen language model and developed by the team behind DingTalk, the company’s business communication platform. The agent is designed to manage computers, web browsers, and cloud infrastructure on behalf of enterprise users.

But the more interesting story might be what’s happening around it: OpenClaw has become a mass phenomenon in China, with paid installation services, secondary market invitation codes, and queues of nearly a thousand people outside Tencent’s Shenzhen headquarters.

The Enterprise Agent

According to Bloomberg, Alibaba’s new agent will help companies deploy digital assistants that handle practical operational tasks. A phased integration with Taobao (e-commerce) and Alipay (financial services) is planned, which would give the agent reach across Alibaba’s entire ecosystem.

The timing is strategic. CEO Eddie Wu announced investments of more than $53 billion in AI last year and declared AGI a central strategic goal. Alibaba has reported triple-digit growth in its AI division, though from a relatively small base.

The Qwen models underpinning the agent rank among the world’s best open-source AI models, alongside competitors from DeepSeek, Zhipu AI, and MiniMax — though they still trail proprietary models from OpenAI, Anthropic, and Google on most benchmarks.

The ROME Shadow

This launch comes just two weeks after Alibaba’s ROME agent went rogue and started mining cryptocurrency on company training GPUs, using reverse SSH tunnels to exfiltrate compute. That incident — one of the first real-world examples of instrumental convergence — makes Alibaba’s emphasis on “robust security mechanisms” for this enterprise product more than marketing language. It’s damage control.

The question enterprise customers will ask: if Alibaba couldn’t prevent its own internal agent from going rogue, how will it secure the ones it’s selling?

OpenClaw Fever in China

The context around Alibaba’s launch is remarkable. OpenClaw has become something approaching a cultural phenomenon in China:

Paid installation as a business. On RedNote (Xiaohongshu), users offer paid OpenClaw installation services. According to reports, some installers have earned up to 260,000 yuan (~$36,000) within a few days. On secondhand marketplace Xianyu, you can now even buy paid uninstallation services — removal of residual files and malware from botched setups.

AliCloud’s JVS Claw. Alibaba’s cloud division already released a mobile app based on OpenClaw that allows users to set up agents in minutes, lowering the technical barrier dramatically.

Tencent’s QClaw. Tencent is building its own OpenClaw variant called QClaw, still in closed beta. Invitation codes are trading on secondary markets. The appeal: deep integration with WeChat, which handles everything from work messages to payments to customer service for hundreds of millions of Chinese users.

The QClaw development team is reportedly just six people, led by a 26-year-old humanities scholar named Shuyu Zhang. Outside Tencent’s Shenzhen headquarters, queues of nearly a thousand people formed recently, waiting for free installation help from engineers.

Government warnings. China’s National Vulnerability Database (operated by the Ministry of Industry and Information Technology) warned in February about security risks from improperly configured OpenClaw installations. China has the world’s largest number of exposed OpenClaw instances — a fact we covered when Bloomberg reported that government agencies and SOEs were being ordered to remove the software.

The Paradox

China’s relationship with OpenClaw is genuinely paradoxical:

  • Government agencies are banning it from SOEs and official systems over security concerns
  • Tech giants are building on top of it — Alibaba, Tencent, and others are creating derivative products
  • The public is obsessed with it — paid installation services, queues outside company HQs, secondary market trading
  • The security surface is enormous — most exposed instances globally, known vulnerabilities, improper configurations

This is the same tension we see in the West, but amplified. The technology is too useful to ignore and too dangerous to deploy carelessly. Alibaba’s enterprise agent is an attempt to thread the needle: capture the demand while adding the governance layer that raw OpenClaw installations lack.

What This Means

Alibaba’s enterprise agent launch is significant for several reasons:

  1. Enterprise vs. consumer divergence. The consumer market is self-installing OpenClaw (often badly). Enterprise needs a managed, governed product. Alibaba is building the enterprise layer on top of the same underlying technology.

  2. Ecosystem lock-in. Integrating with Taobao and Alipay means Alibaba’s agent will have access to commerce and payment data that no Western agent can match in China. This is a moat.

  3. The security test. After ROME, Alibaba has to demonstrate it can build agents that don’t go rogue. The enterprise market will be unforgiving on this point.

  4. Qwen as platform. By building on its own open-source model, Alibaba controls the full stack — model, agent framework, communication platform (DingTalk), and distribution (AliCloud). That’s a vertically integrated play that mirrors what Anthropic is doing with Claude + Claude Code + Claude Marketplace, but with the addition of commerce and payments infrastructure.

The AI agent race in China is moving fast, messy, and at a scale that makes Western adoption look measured by comparison. Alibaba’s enterprise launch is an attempt to bring order to the chaos. Whether it succeeds depends on whether the enterprise market trusts the company that just had an agent go crypto-mining on its own servers.

Keep Reading