LmCast :: Stay tuned in

For Enterprises, Security Remains Agentic AI's Biggest Challenge

Recorded: May 27, 2026, 1:23 p.m.

Original

Dark Reading, DR Technology: news, news analysis, and commentary on the latest trends in cybersecurity technology.

Every company needs an agentic AI strategy, but the tools to allow agentic AI frameworks to be safely and securely adopted are just starting to appear.

Robert Lemos, Contributing Writer
May 26, 2026
6 Min Read
Source: Koshiro K via Shutterstock

In January, a mere two months after the OpenClaw project was created, hundreds of users had downloaded the software to run on their own systems. By early March, it had surpassed 250,000 stars on GitHub, a measure of popularity among developers. Then, on March 16, the agentic AI framework earned enterprise legitimacy when Nvidia CEO Jensen Huang endorsed it during his keynote at Nvidia's GPU Technology Conference (GTC) 2026.

"OpenClaw has open-sourced, essentially, the operating system for agentic computers," Huang told the audience, adding: "The implication is incredible... Every company in the world today needs to have an OpenClaw strategy, an agentic-system strategy. This is the new computer."

Yet OpenClaw may not be ready for enterprise primetime, as the framework continues to have massive security and stability concerns. In February, Gartner recommended that companies block downloads and traffic for the platform, which it deemed to be operating "insecurely by default." Several cybersecurity firms have found tens of thousands of vulnerable OpenClaw instances accessible via the Internet. As of early May, researchers had reported at least 454 vulnerabilities in the framework, according to the National Vulnerability Database.

Efforts to rearchitect the core OpenClaw software to improve security and stability are not simple, and in April they resulted in significant headaches for users: agents slowed, some installs got stuck in repair loops, and communications through popular channels slowed as well. OpenClaw creator Peter Steinberger apologized for the issues in a May 5 post.

"The problem: I underestimated how difficult it would be to get this right," he said.

OpenClaw, of course, is not alone.
OpenAI hired the creator of OpenClaw to develop agentic capabilities, and Anthropic has already added agentic features via an "agentic harness", an orchestration layer for agents that controls what they can access and do, as well as its widely used Claude skills. A more direct competitor to OpenClaw is Hermes, an open-source, self-improving AI agent with built-in sandboxing, created by Nous Research.

A Formula One Car Without Brakes

Tackling the security problems posed by agentic AI is neither simple nor easy. The software security stack was not built with agents in mind, and agents resemble users more than software programs, says Dev Rishi, head of AI at Rubrik. Running the same agents at different times may result in different activity.

"These agents feel like Formula One cars without brakes," Rishi says. "They operate so quickly and they ask for such a high degree of permissions that it really is actually kind of quite scary in terms of what types of risks that they might actually expose an organization to."

A human in the loop could act as a control, but with agents running so quickly, gaining human approval for every risky action is not scalable, he says.

Yet the promise of improved productivity means that business leaders will continue to feel the pressure. Agentic AI can immediately help with a host of enterprise coordination, administration, and information tasks, says Manoj Nair, chief innovation officer for Snyk, an application security firm.
The frameworks "explode the notion of what an agent can do in people's imagination and drive agentic application development much faster than we have ever seen in the last year," Nair says.

More than one in five AI-forward companies (22%) had OpenClaw running within days, according to Token Security, an AI agent and non-human identity security firm.

"We saw how fast it was spreading — basically, like wildfire — and in a lot of cases, it was shadow AI," says Christian Simko, a product evangelist for Token Security. "Users were setting up OpenClaw instances without security or identity teams even knowing about it."

Taming the Goal-Oriented AI

First and foremost, enterprises need visibility into what actions agents are taking and governance controls to set and enforce policies. Nvidia created NemoClaw, announced at GTC 2026, to be an enterprise-grade version of OpenClaw, adding agent registration and governance as well as an open-source orchestration layer. NemoClaw uses OpenShell for sandboxing and the Nemotron-3 family of AI models.

Demonstrating the need for a new security architecture took about 47 seconds. That is how long an exploit, delivered in a support ticket, needed to escalate permissions, access customer records, exfiltrate data, and modify its own audit logs to cover its tracks, OpenClaw creator Steinberger said in a March blog post introducing NemoClaw.

NemoClaw combines kernel-level isolation through OpenShell, LLM-based policy evaluations, and an extra layer of data security to prevent exfiltration.

"[F]or the first time, we have a production-grade security architecture that was designed specifically for AI agents," Steinberger said.
"Not adapted from web application security, not borrowed from container orchestration — built from the ground up for a world where autonomous AI systems interact with real enterprise infrastructure."The governance and policy engine uses formal methodology to turn policy statements, written in Rego, into actions using the OpenShell Policy Prover (OPP)."We can't just assume the model, the agent, and the harness will do the right thing," says Ali Golshan, senior director of AI software at Nvidia. "We built OpenShell so the governance can be enforced by the infrastructure, and so you could be ensured it's declarative, not probabilistic."The goal is to be able to write policies that allow an agent to read from GitHub, but not write to GitHub, and not to communicate with another agent which has that capability, he says. "We're in the very early stages of this, so this is all frontier research that we're doing."Hybrid ApproachThe security architecture will combine policies on AI enforced by OpenShell, a human or trusted agent in the loop, and a variety of other security tooling and controls to handle edge cases and block malicious content, Golshan says."We're not building traditional detection-and-response technologies, but we do output all the logs and all the traces, so you can now take those and throw them into a data lake, a SIEM, a [security operations center]SOC, and be able to do additional analysis on them," he says. "We give you the typing and the infrastructure, we're not actually doing the logic itself."Other companies have already build additional layers of security. Cisco's Defense Claw, for example, can scan skills and model context protocol (MCP) servers for malicious code or unsanctioned artifacts. There's also Snyk Agent Security.OpenClaw's goal is to make it so stable, it becomes a piece of boring infrastructure, creator Steinberger stated in his May 5 blog post. 
Toward that end, OpenAI and the OpenClaw Foundation are building a team around the development of the technology to help create a more modular architecture in which less software sits in the privileged core.

"OpenClaw will keep getting more secure. It will also get smaller," he said. "But it has to stay boringly reliable while we do that."
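Two points in the article above are easier to reason about in code: the declarative, deny-by-default capability policy Golshan describes (an agent may read GitHub but not write it, and may not talk to an agent that can), and the audit log that the 47-second support-ticket exploit was able to rewrite. The following is an added example and is not code from OpenClaw, NemoClaw or OpenShell. The policy format, the agent names (reviewer, committer, auditor), the tool names and the hash-chained log are this example's own assumptions, standing in for the Rego policies and the OpenShell Policy Prover the article mentions. The attack sequence it replays is constructed to mirror the steps the article lists.

```python
"""Added example, not code from OpenClaw, NemoClaw or OpenShell: a harness
that gates every tool call an agent attempts behind a deny-by-default
capability policy and records each decision in a hash-chained audit log.
Agent names, tool names and the policy format are hypothetical stand-ins
for the Rego policies evaluated by the OpenShell Policy Prover."""
import hashlib
import json

# Allow-lists of (tool, action) per agent; anything not listed is denied.
# "reviewer" is the read-only GitHub agent from the article, "committer"
# holds the write capability, "auditor" holds a strict subset of reviewer's.
POLICY = {
    "reviewer": {("github", "read"), ("tickets", "read")},
    "committer": {("github", "read"), ("github", "write")},
    "auditor": {("github", "read")},
}

GENESIS = "0" * 64  # hash the first log entry chains to


def allowed(policy, agent, tool, action):
    """Policy decision for one tool call: permitted only if explicitly granted."""
    return (tool, action) in policy.get(agent, set())


def may_message(policy, sender, receiver):
    """Inter-agent rule from the article: an agent may not talk to a peer that
    holds a capability the sender lacks, so the read-only agent cannot launder
    a GitHub write through the committer."""
    return policy.get(receiver, set()) <= policy.get(sender, set())


def _digest(prev, record):
    return hashlib.sha256((prev + json.dumps(record, sort_keys=True)).encode()).hexdigest()


class AuditLog:
    """Append-only log; each entry commits to the previous entry's hash, so an
    edited, reordered or dropped entry breaks the chain at that point."""

    def __init__(self):
        self.entries = []

    def head(self):
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def append(self, record):
        entry = {"prev": self.head(), "record": record}
        entry["hash"] = _digest(entry["prev"], record)
        self.entries.append(entry)
        return entry["hash"]

    def verify(self, expected_head=None):
        """Index of the first broken entry, or -1 if intact. expected_head is
        the head hash as anchored somewhere the agent cannot write (the harness
        or the SIEM); without it, rewriting the whole log with fresh hashes
        would pass."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            if entry["prev"] != prev or _digest(prev, entry["record"]) != entry["hash"]:
                return i
            prev = entry["hash"]
        if expected_head is not None and prev != expected_head:
            return len(self.entries)
        return -1


def enforce(policy, log, agent, tool, action):
    """Harness-side gate: decide, log the decision, return it. The tool is
    invoked only when this returns True; the model's intent is not consulted."""
    decision = allowed(policy, agent, tool, action)
    log.append({"agent": agent, "tool": tool, "action": action,
                "decision": "allow" if decision else "deny"})
    return decision


def replay_ticket_attack(policy, log):
    """Constructed sequence mirroring the article's 47-second exploit: read a
    poisoned support ticket, then escalate, read customer records, exfiltrate
    and rewrite the audit log. Returns the per-call decisions."""
    attempts = [
        ("reviewer", "tickets", "read"),     # legitimate, but the ticket is hostile
        ("reviewer", "iam", "grant_admin"),  # escalate permissions
        ("reviewer", "crm", "read"),         # access customer records
        ("reviewer", "http", "post"),        # exfiltrate
        ("reviewer", "audit", "write"),      # cover tracks
    ]
    return [enforce(policy, log, *attempt) for attempt in attempts]


def demo():
    """Run the attack replay, anchor the log head, then show that an agent
    flipping one of its own denials to an allow is detected."""
    log = AuditLog()
    decisions = replay_ticket_attack(POLICY, log)
    anchor = log.head()          # stored outside the agent's reach in practice
    intact = log.verify(anchor)
    log.entries[1]["record"]["decision"] = "allow"  # the agent edits its log
    return decisions, intact, log.verify(anchor)


if __name__ == "__main__":
    print(demo())  # ([True, False, False, False, False], -1, 1)
```

Three design points carry over to a real harness regardless of the policy language. The decision is made by infrastructure the model cannot reach, so a prompt injection in the ticket changes what the agent asks for, not what it gets. The log is written by the harness process, not by the agent, and an "audit write" capability should never appear in any agent's policy; the chain only makes tampering detectable, and only if the head hash is shipped out with the traces (to the SIEM or data lake Golshan describes) rather than stored beside the log. Finally, the messaging check matters because a read-only agent that can instruct a write-capable peer has the write capability in all but name.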

Summarized

For enterprises, the integration and secure adoption of agentic artificial intelligence represent the most significant security challenge. While there is a clear need for an agentic AI strategy, the necessary tools for safely and securely implementing these frameworks are still developing. The emergence of agentic AI concepts, exemplified by projects like OpenClaw, highlights the rapid diffusion of these technologies: some AI-forward companies deployed these systems within days, raising concerns that security and identity teams may be unaware of this shadow AI activity.

The security landscape for agentic AI is complicated because the underlying software security stack was not originally designed with agents in mind, leading to inherent risks. Experts note that these agents operate with high speeds and demand extensive permissions, creating risks that are analogous to a Formula One car operating without brakes. This rapid, high-privilege operation necessitates new security architectures that can govern agent actions. Furthermore, there is a scalability issue with traditional human oversight, as gaining approval for every risky action taken by fast-moving agents is impractical.

To address these challenges, advancements are being made in creating enterprise-grade security architectures specifically designed for AI agents. Nvidia introduced NemoClaw, an enterprise-grade version of OpenClaw, which incorporates agent registration and governance alongside an open-source orchestration layer utilizing OpenShell for sandboxing. This novel architecture aims to provide a production-grade security framework built from the ground up for autonomous AI systems interacting with enterprise infrastructure, moving beyond adaptations from traditional web application security models.

The governance component of this system relies on formal methods. Policy statements, written in Rego, are translated into executable actions through the OpenShell Policy Prover (OPP). This mechanism allows organizations to define declarative policies, for instance stipulating that an agent can read from a repository but cannot write to it, and cannot communicate with another agent that holds the write capability. This approach aims to ensure that the infrastructure guarantees specific agent behaviors rather than relying on probabilistic outcomes.

The proposed security architecture adopts a hybrid approach, combining policies enforced by OpenShell, human or trusted agent intervention, and various other security controls to handle edge cases and block malicious content. Instead of focusing solely on traditional detection-and-response mechanisms, the system emphasizes comprehensive logging and tracing. This data is output for integration into data lakes, security information and event management systems (SIEMs), and security operations centers (SOCs), allowing for deeper analysis of agent activities. Other related efforts involve additional security layers, such as Cisco's Defense Claw and Snyk Agent Security, demonstrating a broader industry focus on securing these emerging assets.

The ongoing effort from key developers, including OpenAI and the OpenClaw Foundation, is focused on building a more modular architecture to ensure the stability of the technology. The long-term goal is to make the agentic framework reliable and stable while progressively reducing the amount of software residing in the privileged core, thereby ensuring that the system remains boringly reliable even as it evolves.