CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 27, 2026

For Enterprises, Security Remains Agentic AI's Biggest Challenge

Dark Reading Archived May 27, 2026 ✓ Full text saved

Every company needs an agentic AI strategy, but the tools to allow agentic AI frameworks to be safely and securely adopted are just starting to appear.

Full text archived locally
✦ AI Summary · Claude Sonnet


    APPLICATION SECURITY CYBER RISK VULNERABILITIES & THREATS ENDPOINT SECURITY News, news analysis, and commentary on the latest trends in cybersecurity technology. For Enterprises, Security Remains Agentic AI's Biggest Challenge Every company needs an agentic AI strategy, but the tools to allow agentic AI frameworks to be safely and securely adopted are just starting to appear. Robert Lemos,Contributing Writer May 26, 2026 6 Min Read SOURCE: KOSHIRO K VIA SHUTTERSTOCK In January, a mere two months after the OpenClaw project was created, hundreds of users had downloaded the software to run on their own systems. By early March, it had surpassed 250,000 stars on GitHub — a measure of popularity among developers. Then, on March 16, the agentic AI framework earned enterprise legitimacy when Nvidia CEO Jensen Huang, during his keynote at Nvidia's GPU Technology Conference (GTC) 2026. "OpenClaw has open-sourced, essentially, the operating system for agentic computers," Huang told the audience, adding: "The implication is incredible... Every company in the world today needs to have an OpenClaw strategy, an agentic-system strategy. This is the new computer." Yet, OpenClaw may not yet be ready for the enterprise primetime, as the framework continues to have massive security and stability concerns. In February, Gartner recommended that companies block downloads and traffic for the platform it deemed was operating "insecurely by default." Several cybersecurity firms have found tens of thousands of vulnerable OpenClaw instances accessible via the Internet. As of early May, researchers have reported at least 454 vulnerabilities in the framework, according to the National Vulnerability Database. Related:OWASP GenAI Security Project Gets Update, New Tools Matrix Efforts to rearchitect the core OpenClaw software to improve security and stability are not simple, and in April, resulted in significant headaches for users — the agents slowed, some installs got stuck in repair loops, and communications through popular channels slowed. OpenClaw creator Peter Steingberger apologized for the issues in a May 5 post. "The problem: I underestimated how difficult it would be to get this right," he said. OpenClaw, of course, is not alone. OpenAI hired the creator of OpenClaw to develop agentic capabilities and Anthropic has already added agentic features via an "agentic harness" — an orchestration layer for agents that controls what they can access and do — as well as its widely used Claude skills. A more direct competitor to OpenClaw is Hermes, an open-source, self-improving AI agent that has built-in sandboxing, created by Nous Research. A Formula One Car Without Brakes Tackling the security problems posed by agentic AI is not simple nor easy. The software security stack was not built with agents in mind, which resemble users more than software programs, says Dev Rishi, head of AI at Rubrik. Running the same agents at different times may result in different activity. "These agents feel like Formula One cars without brakes," Rishi says. "They operate so quickly and they ask for such a high degree of permissions that it really is actually kind of quite scary in terms of what types of risks that they might actually expose an organization to." Related:Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain A human in the loop could act as a control, but with agents running so quickly, gaining human approval for every risky action is not scalable, he says. Yet, promise of improved productivity means that business leaders will continue to feel the pressure. Agentic AI can immediately help with a host of enterprise coordination, administration, and information tasks, says Manoj Nair, chief innovation officer for Snyk, an application security firm.  The frameworks "explode the notion of what an agent can do in people's imagination and drives agentic application development much faster than we have ever seen in the last year," Nair says. More than one-in-five AI-forward companies (22%) had OpenClaw running within days, according to Token Security, an AI agent and non-human identity security firm. "We saw how fast it was spreading — basically, like wildfire — and in a lot of cases, it was shadow AI," says Christian Simko, a product evangelist for Token Security. "Users were setting up OpenClaw instances without security or identity teams even knowing about it." Related:Flaw-Finding AI Assistants Face Criticism for Speed, Accuracy Taming the Goal-Oriented AI First and foremost, enterprises need visibility into what actions agents are taking and governance controls to set and enforce policies. Nvidia created the NemoClaw — announced at GTC 2026 — to be an enterprise-grade version of OpenClaw, adding agent registration and governance as well as an open-source orchestration layer. NemoClaw uses OpenShell for sandboxing and the Nemotron-3 family of AI models. Demonstrating the need for a new security architecture took about 47 seconds. That's how long an exploit — delivered in a support ticket — needed to escalate permissions, access customer records, exfiltrate data, and modify its own audit logs, covering its tracks, OpenClaw's creator Steinberger said in a March blog post introducing NemoClaw. NemoClaw combines kernel-level isolation through OpenShell, LLM-based policy evaluations, and an extra layer of data security to prevent exfiltration. "[F]or the first time, we have a production-grade security architecture that was designed specifically for AI agents," Steinberger said. "Not adapted from web application security, not borrowed from container orchestration — built from the ground up for a world where autonomous AI systems interact with real enterprise infrastructure." The governance and policy engine uses formal methodology to turn policy statements, written in Rego, into actions using the OpenShell Policy Prover (OPP). "We can't just assume the model, the agent, and the harness will do the right thing," says Ali Golshan, senior director of AI software at Nvidia. "We built OpenShell so the governance can be enforced by the infrastructure, and so you could be ensured it's declarative, not probabilistic." The goal is to be able to write policies that allow an agent to read from GitHub, but not write to GitHub, and not to communicate with another agent which has that capability, he says. "We're in the very early stages of this, so this is all frontier research that we're doing." Hybrid Approach The security architecture will combine policies on AI enforced by OpenShell, a human or trusted agent in the loop, and a variety of other security tooling and controls to handle edge cases and block malicious content, Golshan says. "We're not building traditional detection-and-response technologies, but we do output all the logs and all the traces, so you can now take those and throw them into a data lake, a SIEM, a [security operations center]SOC, and be able to do additional analysis on them," he says. "We give you the typing and the infrastructure, we're not actually doing the logic itself." Other companies have already build additional layers of security. Cisco's Defense Claw, for example, can scan skills and model context protocol (MCP) servers for malicious code or unsanctioned artifacts. There's also Snyk Agent Security. OpenClaw's goal is to make it so stable, it becomes a piece of boring infrastructure, creator Steinberger stated in his May 5 blog post. Toward that end, OpenAI and the OpenClaw Foundation are building  a team around the development of the technology to help create a more modular architecture where less software is in the privileged core. "OpenClaw will keep getting more secure. It will also get smaller," he said. "But it has to stay boringly reliable while we do that." About the Author Robert Lemos Contributing Writer Rob is an award-winning, veteran technology journalist of more than 30 years, reporting on global cybersecurity issues, the latest offensive and defensive technologies, malware incidents, cyber conflict, and AI's impact on software and cybersecurity.  A former research engineer, Rob has written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. He has received five awards for journalism, including Best Deadline Journalism (Online) in 2003 for his coverage of the Blaster worm. Rob also analyzes data on various trends using Python and R for both his reporting and his clients. Recent reports include analyses of the shortage in cybersecurity workers, annual vulnerability trends, and annual threat reports. Rob holds degrees from Cornell University in Electrical Engineering and Computer Science (double major). Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports How Organizations Are Managing Incident Response How Enterprises Are Developing Secure Applications Inside RSAC 2026: security leaders reveal the risks redefining your defense strategy Essential News & Insights from Black Hat USA 2025 How Enterprises Are Harnessing Emerging Technologies in Cybersecurity Access More Research Webinars Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack Defending in the Shadow Era: When the CVE Feed Goes Dark Building SecOps That Make the Most of Every Dollar AI-Powered Credential Security: Intelligence Without Exposure AI-Powered Cybersecurity for Resource-Constrained Organizations More Webinars You May Also Like APPLICATION SECURITY Supply Chain Attack Secretly Installs OpenClaw for Cline Users by Rob Wright FEB 19, 2026 APPLICATION SECURITY Chinese Hackers Hijack Notepad++ Updates for 6 Months by Jai Vijayan, Contributing Writer FEB 02, 2026 APPLICATION SECURITY Trump Administration Rescinds Biden-Era Software Guidance by Alexander Culafi JAN 29, 2026 APPLICATION SECURITY Microsoft Fixes Exploited Zero Day in Light Patch Tuesday by Jai Vijayan, Contributing Writer DEC 09, 2025 Latest Articles in DR Technology REMOTE WORKFORCE Akamai Joins Growing Chorus of Vendors Betting Big on Secure Enterprise Browsers MAY 22, 2026 CYBER RISK What It'll Take to Make AI BOMs Usable in a Modern Security Program MAY 19, 2026 CYBER RISK Is 2026 the Year AI Bills of Materials Get Real? MAY 18, 2026 CYBER RISK SecurityScorecard Snags Driftnet to Level Up Threat Intelligence MAY 14, 2026 Read More DR Technology
    💬 Team Notes
    Article Info
    Source
    Dark Reading
    Category
    ◇ Industry News & Leadership
    Published
    May 27, 2026
    Archived
    May 27, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗