What the OpenClaw vulnerability reveals about the future of agentic AI security


When employees and developers adopt new tools independently, IT management often discovers them only after they are deeply embedded in daily workflows.

OpenClaw, a widely used AI agent, illustrates this point clearly. On the surface, it provides convenience, managing tasks, sending messages, and automating repetitive workflows.

Behind the scenes, it operates with broad authority, holding credentials, executing commands, and connecting across systems without oversight.

Elad Luz

Head of Research at Oasis Security.

The vulnerability identified by our Threat Research Team is a window into a larger truth: AI agents are now operational actors rather than simple productivity tools.

They act autonomously and silently, representing a new class of enterprise risk. Security leaders can no longer ignore the risks these agents pose. They must understand how and why compromises occur.

The Rise of OpenClaw

OpenClaw became widely adopted almost immediately after release. It runs locally on machines, connects to messaging platforms, developer tools, and calendars, and can manage complex workflows independently.

Its architecture consists of a local gateway that coordinates connected nodes. These nodes can execute system commands, access files, and interact with other platforms. Users control the agent through web interfaces or command-line terminals, but once configured, the agent operates without direct oversight.

This adoption reflects a broader reality. AI agents are becoming the operating layer of the enterprise. Governance is not keeping pace, and that gap is what separates organizations that will scale from those that will struggle to control what they have deployed. According to Deloitte, 74% of companies plan to deploy agentic AI within two years, while only 21% have a mature governance model in place. That gap is precisely what makes agents like OpenClaw so dangerous. They are powerful, often invisible to IT teams, and operating well ahead of the policies meant to contain them.

What the Oasis Threat Research Team Discovered

Our Oasis Security Research Team uncovered a vulnerability that illustrates the risks of under-governed AI agents. In OpenClaw, any website visited by a developer could silently take control of the local agent. No extension, plugin, or user action was required.

The attack exploited OpenClaw’s local WebSocket gateway. Malicious JavaScript could connect to the gateway, brute-force the password, and register as a trusted device. Once authenticated, the attacker could access configuration data, enumerate connected nodes, read logs, and execute commands across connected systems.

Compromising a single AI agent could effectively compromise an entire workstation. OpenClaw maintainers issued a fix within 24 hours, but the vulnerability highlights a systemic risk. Autonomous agents operating outside governance create opportunities for attacks that are difficult to detect and contain.

A New Security Category

AI agents are not traditional business software. They are autonomous entities with privileges across enterprise systems. They require identities in order to act, and they can carry out multi-step actions and interact with internal and external environments without supervision.

AI agents respond dynamically to input and can operate continuously. This autonomy makes attacks such as agent hijacking and prompt manipulation more consequential. OpenClaw illustrates how misplaced trust assumptions, such as allowing local connections broad privileges, can be exploited. Similar risks exist wherever autonomous agents are deployed without clear governance.

The Emerging Risk of “Shadow AI”

Many AI agents are deployed without IT or security awareness. This shadow AI exists on developer machines, storing credentials, connecting to messaging platforms, and executing actions independently.

The danger is tangible. Shadow AI may carry elevated access to sensitive systems with no oversight to match. As adoption grows, organizations face increasing risk from autonomous agents that act silently. The next breach may originate not from a person, but from an AI system trusted to perform work on their behalf.

What Organizations Should Do Now

The window for getting governance right is closing fast. PwC finds that 79% of organizations have already deployed AI agents at some level. The organizations that will scale AI successfully are the ones building governance infrastructure now:

1. Gain visibility. Inventory AI agents, autonomous assistants, and local LLM servers across developer environments. Unseen agents are ungoverned agents.

2. Patch without delay. Vulnerable agents, including OpenClaw, must be updated immediately. Treat these updates with the same priority as critical security patches.

3. Scope access carefully. Agents often hold credentials with elevated permissions. Audit these privileges and enforce least privilege wherever possible.

4. Govern non-human identities rigorously. Treat agents as identities. Implement intent analysis to understand proposed actions, enforce deterministic policies to prevent unsafe operations, grant just-in-time scoped access, and maintain full auditability linking human intent to agent action.

These measures allow organizations to balance safety with innovation.

The Lesson of OpenClaw

OpenClaw has been patched, but Oasis’ discovery serves as a warning. AI agents are operational actors, not tools. Organizations that continue to treat them as productivity features are operating in the dark and inviting risk.

AI agents are already part of enterprise workflows. The question is no longer whether to govern them, but whether your organization will build that capability before an incident arises. Organizations that enforce policy, maintain full audit trails, and govern agentic identities will be the ones that scale AI with confidence. Those that fail to adapt will find that the next enterprise compromise originates not from a human, but from the very autonomous systems they trusted to accelerate work.


This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.

The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit
