
News: Dark Reading

For Enterprises, Security Remains Agentic AI's Biggest Challenge

  • What: The security and governance challenges enterprises face in adopting agentic AI frameworks such as OpenClaw
  • Impact: Industry professionals

For Enterprises, Security Remains Agentic AI's Biggest Challenge

Every company needs an agentic AI strategy, but the tools that allow agentic AI frameworks to be safely and securely adopted are just starting to appear.

Robert Lemos, Contributing Writer
May 26, 2026
6 Min Read

In January, a mere two months after the OpenClaw project was created, hundreds of users had downloaded the software to run on their own systems. By early March, it had surpassed 250,000 stars on GitHub — a measure of popularity among developers. Then, on March 16, the agentic AI framework earned enterprise legitimacy when Nvidia CEO Jensen Huang highlighted it during his keynote at Nvidia's GPU Technology Conference (GTC) 2026.

"OpenClaw has open-sourced, essentially, the operating system for agentic computers," Huang told the audience, adding: "The implication is incredible... Every company in the world today needs to have an OpenClaw strategy, an agentic-system strategy. This is the new computer."

Yet OpenClaw may not yet be ready for enterprise primetime, as the framework continues to have massive security and stability concerns. In February, Gartner recommended that companies block downloads and traffic for the platform, which it deemed was operating "insecurely by default." Several cybersecurity firms have found tens of thousands of vulnerable OpenClaw instances accessible via the Internet. As of early May, researchers had reported at least 454 vulnerabilities in the framework, according to the National Vulnerability Database.

Efforts to rearchitect the core OpenClaw software to improve security and stability are not simple, and in April they resulted in significant headaches for users — the agents slowed, some installs got stuck in repair loops, and communications through popular channels slowed. OpenClaw creator Peter Steinberger apologized for the issues in a May 5 post.

"The problem: I underestimated how difficult it would be to get this right," he said.

OpenClaw, of course, is not alone. OpenAI hired the creator of OpenClaw to develop agentic capabilities, and Anthropic has already added agentic features via an "agentic harness" — an orchestration layer for agents that controls what they can access and do — as well as its widely used Claude skills. A more direct competitor to OpenClaw is Hermes, an open-source, self-improving AI agent with built-in sandboxing, created by Nous Research.

A Formula One Car Without Brakes

Tackling the security problems posed by agentic AI is neither simple nor easy. The software security stack was not built with agents in mind; agents resemble users more than software programs, says Dev Rishi, head of AI at Rubrik, and running the same agents at different times may result in different activity.

"These agents feel like Formula One cars without brakes," Rishi says. "They operate so quickly and they ask for such a high degree of permissions that it really is actually kind of quite scary in terms of what types of risks that they might actually expose an organization to."

A human in the loop could act as a control, but with agents running so quickly, gaining human approval for every risky action is not scalable, he says. Yet the promise of improved productivity means that business leaders will continue to feel the pressure. Agentic AI can immediately help with a host of enterprise coordination, administration, and information tasks, says Manoj Nair, chief innovation officer for Snyk, an application security firm. The frameworks "explode the notion of what an agent can do in people's imagination and drives agentic application development much faster than we have ever seen in the last year," Nair says.

More than one in five AI-forward companies (22%) had OpenClaw running within days, according to Token Security, an AI agent and non-human identity security firm. "We saw how fast it was spreading — basically, like wildfire — and in a lot of cases, it was shadow AI," says Christian Simko, a product evangelist for Token Security. "Users were setting up OpenClaw instances without security or identity teams even knowing about it."

Taming the Goal-Oriented AI

First and foremost, enterprises need visibility into what actions agents are taking and governance controls to set and enforce policies. Nvidia created NemoClaw — announced at GTC 2026 — as an enterprise-grade version of OpenClaw, adding agent registration and governance as well as an open-source orchestration layer. NemoClaw uses OpenShell for sandboxing and the Nemotron-3 family of AI models.

Demonstrating the need for a new security architecture took about 47 seconds. That's how long an exploit — delivered in a support ticket — needed to escalate permissions, access customer records, exfiltrate data, and modify its own audit logs to cover its tracks, OpenClaw's creator Steinberger said in a March blog post introducing NemoClaw. NemoClaw combines kernel-level isolation through OpenShell, LLM-based policy evaluations, and an extra layer of data security to prevent exfiltration.

"[F]or the first time, we have a production-grade security architecture that was designed specifically for AI agents," Steinberger said. "Not adapted from web application security, not borrowed from container orchestration — built from the ground up for a world where autonomous AI systems interact with real enterprise infrastructure."

The governance and policy engine uses formal methods to turn policy statements, written in Rego, into actions using the OpenShell Policy Prover (OPP).

"We can't just assume the model, the agent, and the harness will do the right thing," says Ali Golshan, senior director of AI software at Nvidia. "We built OpenShell so the governance can be enforced by the infrastructure, and so you could be ensured it's declarative, not probabilistic."

The goal is to be able to write policies that allow an agent to read from GitHub but not write to GitHub, and not to communicate with another agent that has that capability, he says. "We're in the very early stages of this, so this is all frontier research that we're doing."

Hybrid Approach

The security architecture will combine policies on AI enforced by OpenShell, a human or trusted agent in the loop, and a variety of other security tooling and controls to handle edge cases and block malicious content, Golshan says.

"We're not building traditional detection-and-response technologies, but we do output all the logs and all the traces, so you can now take those and throw them into a data lake, a SIEM, a SOC [security operations center], and be able to do additional analysis on them," he says. "We give you the typing and the infrastructure, we're not actually doing the logic itself."

Other companies have already built additional layers of security. Cisco's Defense Claw, for example, can scan skills and Model Context Protocol (MCP) servers for malicious code or unsanctioned artifacts. There's also Snyk Agent Security.

OpenClaw's goal is to make it so stable that it becomes a piece of boring infrastructure, creator Steinberger stated in his May 5 blog post. Toward that end, OpenAI and the OpenClaw Foundation are building a team around the development of the technology to help create a more modular architecture in which less software is in the privileged core.

"OpenClaw will keep getting more secure. It will also get smaller," he said. "But it has to stay boringly reliable while we do that."
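The read-GitHub-but-never-write policy Golshan describes, including the rule that the agent may not message a peer that does hold write access, written in Rego as an added illustration that is not OpenShell's, Nvidia's or OpenClaw's own policy; the input fields, the `data.agents` capability registry and the package name are assumptions for this example.

```rego
# Constructed example: the shape of `input` (agent id, tool, verb, target
# agent) and the `data.agents[id].capabilities` registry are assumed here,
# not taken from OpenShell or the OpenShell Policy Prover.
package example.agent_policy

import rego.v1

default allow := false

# The agent may call GitHub only with read verbs.
github_read_only if {
    input.action.tool == "github"
    input.action.verb in {"get", "list", "clone"}
}

# True when the named peer agent is registered with GitHub write access.
peer_can_write_github(id) if {
    "github:write" in data.agents[id].capabilities
}

# Messaging a peer is allowed only if that peer cannot write to GitHub,
# which closes the indirect path of asking a more privileged agent to push.
message_to_unprivileged_peer if {
    input.action.tool == "agent_message"
    not peer_can_write_github(input.action.target_agent)
}

allow if github_read_only
allow if message_to_unprivileged_peer

# Denial reasons, so the decision log carries something a SIEM or SOC
# analyst can act on rather than a bare "false".
deny contains msg if {
    input.action.tool == "github"
    not github_read_only
    msg := sprintf("%s: GitHub verb %q is not a read", [input.agent.id, input.action.verb])
}

deny contains msg if {
    input.action.tool == "agent_message"
    peer_can_write_github(input.action.target_agent)
    msg := sprintf("%s: peer %s holds github:write", [input.agent.id, input.action.target_agent])
}
```

With a registry file and a sample request saved as JSON, `opa eval -d policy.rego -d agents.json -i input.json 'data.example.agent_policy'` returns both `allow` and the `deny` set for that request.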
About the Author

Robert Lemos, Contributing Writer

Rob is an award-winning, veteran technology journalist of more than 30 years, reporting on global cybersecurity issues, the latest offensive and defensive technologies, malware incidents, cyber conflict, and AI's impact on software and cybersecurity. A former research engineer, Rob has written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Tech
