For Enterprises, Security Remains Agentic AI's Biggest Challenge
Dark ReadingArchived May 27, 2026✓ Full text saved
Every company needs an agentic AI strategy, but the tools to allow agentic AI frameworks to be safely and securely adopted are just starting to appear.
Full text archived locally
✦ AI Summary· Claude Sonnet
APPLICATION SECURITY
CYBER RISK
VULNERABILITIES & THREATS
ENDPOINT SECURITY
News, news analysis, and commentary on the latest trends in cybersecurity technology.
For Enterprises, Security Remains Agentic AI's Biggest Challenge
Every company needs an agentic AI strategy, but the tools to allow agentic AI frameworks to be safely and securely adopted are just starting to appear.
Robert Lemos,Contributing Writer
May 26, 2026
6 Min Read
SOURCE: KOSHIRO K VIA SHUTTERSTOCK
In January, a mere two months after the OpenClaw project was created, hundreds of users had downloaded the software to run on their own systems. By early March, it had surpassed 250,000 stars on GitHub — a measure of popularity among developers. Then, on March 16, the agentic AI framework earned enterprise legitimacy when Nvidia CEO Jensen Huang, during his keynote at Nvidia's GPU Technology Conference (GTC) 2026.
"OpenClaw has open-sourced, essentially, the operating system for agentic computers," Huang told the audience, adding: "The implication is incredible... Every company in the world today needs to have an OpenClaw strategy, an agentic-system strategy. This is the new computer."
Yet, OpenClaw may not yet be ready for the enterprise primetime, as the framework continues to have massive security and stability concerns. In February, Gartner recommended that companies block downloads and traffic for the platform it deemed was operating "insecurely by default." Several cybersecurity firms have found tens of thousands of vulnerable OpenClaw instances accessible via the Internet. As of early May, researchers have reported at least 454 vulnerabilities in the framework, according to the National Vulnerability Database.
Related:OWASP GenAI Security Project Gets Update, New Tools Matrix
Efforts to rearchitect the core OpenClaw software to improve security and stability are not simple, and in April, resulted in significant headaches for users — the agents slowed, some installs got stuck in repair loops, and communications through popular channels slowed. OpenClaw creator Peter Steingberger apologized for the issues in a May 5 post.
"The problem: I underestimated how difficult it would be to get this right," he said.
OpenClaw, of course, is not alone. OpenAI hired the creator of OpenClaw to develop agentic capabilities and Anthropic has already added agentic features via an "agentic harness" — an orchestration layer for agents that controls what they can access and do — as well as its widely used Claude skills. A more direct competitor to OpenClaw is Hermes, an open-source, self-improving AI agent that has built-in sandboxing, created by Nous Research.
A Formula One Car Without Brakes
Tackling the security problems posed by agentic AI is not simple nor easy. The software security stack was not built with agents in mind, which resemble users more than software programs, says Dev Rishi, head of AI at Rubrik. Running the same agents at different times may result in different activity.
"These agents feel like Formula One cars without brakes," Rishi says. "They operate so quickly and they ask for such a high degree of permissions that it really is actually kind of quite scary in terms of what types of risks that they might actually expose an organization to."
Related:Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain
A human in the loop could act as a control, but with agents running so quickly, gaining human approval for every risky action is not scalable, he says.
Yet, promise of improved productivity means that business leaders will continue to feel the pressure. Agentic AI can immediately help with a host of enterprise coordination, administration, and information tasks, says Manoj Nair, chief innovation officer for Snyk, an application security firm. The frameworks "explode the notion of what an agent can do in people's imagination and drives agentic application development much faster than we have ever seen in the last year," Nair says.
More than one-in-five AI-forward companies (22%) had OpenClaw running within days, according to Token Security, an AI agent and non-human identity security firm.
"We saw how fast it was spreading — basically, like wildfire — and in a lot of cases, it was shadow AI," says Christian Simko, a product evangelist for Token Security. "Users were setting up OpenClaw instances without security or identity teams even knowing about it."
Related:Flaw-Finding AI Assistants Face Criticism for Speed, Accuracy
Taming the Goal-Oriented AI
First and foremost, enterprises need visibility into what actions agents are taking and governance controls to set and enforce policies. Nvidia created the NemoClaw — announced at GTC 2026 — to be an enterprise-grade version of OpenClaw, adding agent registration and governance as well as an open-source orchestration layer. NemoClaw uses OpenShell for sandboxing and the Nemotron-3 family of AI models.
Demonstrating the need for a new security architecture took about 47 seconds. That's how long an exploit — delivered in a support ticket — needed to escalate permissions, access customer records, exfiltrate data, and modify its own audit logs, covering its tracks, OpenClaw's creator Steinberger said in a March blog post introducing NemoClaw.
NemoClaw combines kernel-level isolation through OpenShell, LLM-based policy evaluations, and an extra layer of data security to prevent exfiltration.
"[F]or the first time, we have a production-grade security architecture that was designed specifically for AI agents," Steinberger said. "Not adapted from web application security, not borrowed from container orchestration — built from the ground up for a world where autonomous AI systems interact with real enterprise infrastructure."
The governance and policy engine uses formal methodology to turn policy statements, written in Rego, into actions using the OpenShell Policy Prover (OPP).
"We can't just assume the model, the agent, and the harness will do the right thing," says Ali Golshan, senior director of AI software at Nvidia. "We built OpenShell so the governance can be enforced by the infrastructure, and so you could be ensured it's declarative, not probabilistic."
The goal is to be able to write policies that allow an agent to read from GitHub, but not write to GitHub, and not to communicate with another agent which has that capability, he says. "We're in the very early stages of this, so this is all frontier research that we're doing."
Hybrid Approach
The security architecture will combine policies on AI enforced by OpenShell, a human or trusted agent in the loop, and a variety of other security tooling and controls to handle edge cases and block malicious content, Golshan says.
"We're not building traditional detection-and-response technologies, but we do output all the logs and all the traces, so you can now take those and throw them into a data lake, a SIEM, a [security operations center]SOC, and be able to do additional analysis on them," he says. "We give you the typing and the infrastructure, we're not actually doing the logic itself."
Other companies have already build additional layers of security. Cisco's Defense Claw, for example, can scan skills and model context protocol (MCP) servers for malicious code or unsanctioned artifacts. There's also Snyk Agent Security.
OpenClaw's goal is to make it so stable, it becomes a piece of boring infrastructure, creator Steinberger stated in his May 5 blog post. Toward that end, OpenAI and the OpenClaw Foundation are building a team around the development of the technology to help create a more modular architecture where less software is in the privileged core.
"OpenClaw will keep getting more secure. It will also get smaller," he said. "But it has to stay boringly reliable while we do that."
About the Author
Robert Lemos
Contributing Writer
Rob is an award-winning, veteran technology journalist of more than 30 years, reporting on global cybersecurity issues, the latest offensive and defensive technologies, malware incidents, cyber conflict, and AI's impact on software and cybersecurity.
A former research engineer, Rob has written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. He has received five awards for journalism, including Best Deadline Journalism (Online) in 2003 for his coverage of the Blaster worm. Rob also analyzes data on various trends using Python and R for both his reporting and his clients. Recent reports include analyses of the shortage in cybersecurity workers, annual vulnerability trends, and annual threat reports.
Rob holds degrees from Cornell University in Electrical Engineering and Computer Science (double major).
Want more Dark Reading stories in your Google search results?
ADD US NOW
More Insights
Industry Reports
How Organizations Are Managing Incident Response
How Enterprises Are Developing Secure Applications
Inside RSAC 2026: security leaders reveal the risks redefining your defense strategy
Essential News & Insights from Black Hat USA 2025
How Enterprises Are Harnessing Emerging Technologies in Cybersecurity
Access More Research
Webinars
Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack
Defending in the Shadow Era: When the CVE Feed Goes Dark
Building SecOps That Make the Most of Every Dollar
AI-Powered Credential Security: Intelligence Without Exposure
AI-Powered Cybersecurity for Resource-Constrained Organizations
More Webinars
You May Also Like
APPLICATION SECURITY
Supply Chain Attack Secretly Installs OpenClaw for Cline Users
by Rob Wright
FEB 19, 2026
APPLICATION SECURITY
Chinese Hackers Hijack Notepad++ Updates for 6 Months
by Jai Vijayan, Contributing Writer
FEB 02, 2026
APPLICATION SECURITY
Trump Administration Rescinds Biden-Era Software Guidance
by Alexander Culafi
JAN 29, 2026
APPLICATION SECURITY
Microsoft Fixes Exploited Zero Day in Light Patch Tuesday
by Jai Vijayan, Contributing Writer
DEC 09, 2025
Latest Articles in DR Technology
REMOTE WORKFORCE
Akamai Joins Growing Chorus of Vendors Betting Big on Secure Enterprise Browsers
MAY 22, 2026
CYBER RISK
What It'll Take to Make AI BOMs Usable in a Modern Security Program
MAY 19, 2026
CYBER RISK
Is 2026 the Year AI Bills of Materials Get Real?
MAY 18, 2026
CYBER RISK
SecurityScorecard Snags Driftnet to Level Up Threat Intelligence
MAY 14, 2026
Read More DR Technology