Technology | Feb 4, 2026 | 8 min read

The OpenClaw Epidemic: How Rogue Agents Can Disrupt the AI-Driven Enterprise


In the race for peak productivity, a new breed of popular autonomous AI agents has arrived. This new generation of autonomous AI actors promises to do more than just chat—they can read your emails, manage your calendar, execute terminal commands, and even move money. They are open source and can run on commodity hardware, so they are cheap to implement. 

And they can truly act autonomously.  

Leading the charge is OpenClaw (the agent formerly known as Moltbot), an open-source sensation being hailed as “Claude with hands.”

But for AI compliance and security teams, the productivity miracle promised by agents is quickly becoming a primary vector for a new kind of shadow IT. When agents are ungoverned, they aren't just helpful assistants—they can be over-privileged, non-human identities with the power to cause massive damage in seconds.

So how do responsible AI governance teams effectively activate the powerful capabilities of agents like OpenClaw without exposing their infrastructure to new risks? The answer lies in a modern approach to agent operations designed for the new autonomous workforce. 


What is OpenClaw (Moltbot) and Why Is It Going Viral?

But first let’s take a look at the new types of risks that agents like OpenClaw introduce.

OpenClaw solves the last mile problem of AI: action. Unlike a standard chatbot that provides information, OpenClaw is an AI agent designed to take action across your entire fleet of applications. It acts as a personal assistant with access to your environment and most sensitive data. It’s easy to install locally on a user's machine and seamlessly connects to popular messaging apps like Slack, Gmail, and WhatsApp—and most concerning—your system shell. This allows OpenClaw to run commands, manage files, and execute scripts autonomously. Unlike other GenAI tools, Moltbot runs 24/7 in the background, monitoring your environment and proactively taking action as needed.

This uncontrolled agency is a huge benefit. Imagine this scenario: OpenClaw monitors your calendar, sees that you have a flight in 2 hours, and messages you on WhatsApp: "Hey, I checked Google Maps and traffic is piling up, shall I call you an Uber now?"

While powerful, this level of access and autonomy also creates significant risk. To be effective, OpenClaw requires the keys to the kingdom: sensitive API keys, session tokens, and system-level permissions. Without proper governance, this can lead to exposed data and credentials.


[Figure: OpenClaw GitHub star history]

In just a few days, OpenClaw has become one of the most popular agentic tools on GitHub, amassing over 150k stars. Source: star-history.com.

And this isn’t just a theoretical threat. With the OpenClaw repository exploding past 150,000 GitHub stars in mere days, employees are adopting it en masse—often leaving security teams in the dark. Security incidents are already filling the headlines, from attackers hijacking agents to drain Stripe accounts to the discovery of hundreds of exposed instances leaking internal Slack logs to the open web.


The 3 Big Risks of Ungoverned AI Agents

While the efficiency gains are tempting, OpenClaw (and oftentimes other AI agents) introduces a lethal trifecta of risks that traditional security tools aren't built to handle:

  1. Exposed Credentials and Identity Sprawl: Research has already found hundreds of OpenClaw instances exposed to the open web with zero authentication. These instances leak plaintext API keys and OAuth tokens for critical business apps. These agents create persistent, non-human identities that often fall outside the reach of standard Identity and Access Management (IAM) controls.
  2. Indirect Prompt Injection & Memory Poisoning: OpenClaw doesn’t just follow your instructions; it processes data from the outside world. If a malicious actor sends an email or a WhatsApp message containing a hidden instruction, the agent might execute it without you ever knowing. Worse, Moltbot’s persistent memory means a poisoned instruction can sit dormant for weeks before being triggered by a specific event.
  3. Autonomous Blast Radius: A single compromised agent has a massive blast radius. OpenClaw can run shell commands and write files, so a flaw in the agent configuration or a malicious third-party skill downloaded by a user can lead to Remote Code Execution (RCE). In the blink of an eye, an agent's mistake (or a cyberattack) can delete data, exfiltrate secrets, or corrupt system configurations across multiple connected clouds.


Securing the Agent Frontier: Visibility, Governance, and Remediation

To embrace the power of autonomous AI like OpenClaw, enterprises need a modern approach to agent operations comprised of three key pillars:


  • Visibility: You cannot protect what you cannot see. Security teams must be able to detect active agents like OpenClaw in real time. They also need a registry that captures what data each agent can access, the specific actions it is taking, and the identities it is using.

  • Governance: Security teams must be able to set hard guardrails. This means enforcing least-privilege access for agents and creating real-time policies that prevent them from taking destructive actions (like "delete all" or "sharing PII").

  • Remediation: In an autonomous world, mistakes happen at machine speed. If an agent goes rogue or is compromised, you need a rewind button—the ability to surgically roll back only the changes made by that specific agent without taking down the entire system.
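As an added illustration of the three pillars above, and not code from OpenClaw or from Rubrik Agent Cloud, here is a minimal tool-call gateway in Python: it keeps a per-agent least-privilege policy, blocks destructive shell commands and outbound PII before a tool runs, journals every write it lets through, and can rewind only one agent's changes. The agent identities, tool names, regexes and in-memory file system are constructed assumptions.

```python
import posixpath, re
from dataclasses import dataclass, field

# Constructed policy registry (hypothetical agent identities): each agent gets only the tools and path prefixes its job needs.
POLICIES = {
    "openclaw-alice": {"tools": {"read_file", "write_file"}, "paths": ("/home/alice/notes/",)},
    "openclaw-ops": {"tools": {"read_file", "write_file", "shell"}, "paths": ("/srv/ops/",)},
}
DESTRUCTIVE = re.compile(r"\brm\s+-[a-z]*r[a-z]*\b|\bmkfs\b|\bdd\s+if=", re.I)
PII = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # constructed: US-SSN-shaped strings

@dataclass
class AgentGateway:
    fs: dict = field(default_factory=dict)       # in-memory stand-in for the file system
    journal: list = field(default_factory=list)  # (agent, path, previous content) per write

    def evaluate(self, agent, tool, args):
        """Governance: decide before the tool runs. Returns (allowed, reason)."""
        policy = POLICIES.get(agent)
        if policy is None:
            return False, "unregistered agent"
        if tool not in policy["tools"]:
            return False, f"tool {tool!r} not permitted for {agent}"
        if tool == "shell" and DESTRUCTIVE.search(args.get("cmd", "")):
            return False, "destructive command blocked"
        if tool in ("write_file", "send_message") and PII.search(args.get("content", "")):
            return False, "PII in outbound content"
        if "path" in args and not posixpath.normpath(args["path"]).startswith(policy["paths"]):
            return False, "path outside agent scope"  # normpath defeats ../ escapes
        return True, "ok"

    def execute(self, agent, tool, args):
        """Visibility + governance: every call is evaluated, and writes are journalled."""
        allowed, reason = self.evaluate(agent, tool, args)
        if allowed and tool == "write_file":
            path = posixpath.normpath(args["path"])
            self.journal.append((agent, path, self.fs.get(path)))  # prior state enables surgical undo
            self.fs[path] = args["content"]
        return {"agent": agent, "tool": tool, "allowed": allowed, "reason": reason}

    def rewind(self, agent):
        """Remediation: revert only this agent's writes, newest first, leaving other agents' work intact."""
        mine = [e for e in self.journal if e[0] == agent]
        for _, path, prev in reversed(mine):
            if prev is None:
                self.fs.pop(path, None)
            else:
                self.fs[path] = prev
        self.journal = [e for e in self.journal if e[0] != agent]
        return len(mine)
```

A real deployment would back the journal with durable storage and snapshot the actual filesystem or SaaS state, but the decision order (identity, tool allowlist, content checks, path scope) and the per-agent undo are the parts that matter.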


How Rubrik Agent Cloud Solves the Agent Crisis

At Rubrik, we recently launched a unified control layer designed specifically for this new paradigm—Rubrik Agent Cloud. Unlike traditional observability tools that only tell you when something goes wrong, Rubrik Agent Cloud goes further by securing your environment with real-time blocking and providing a path to recovery if damage occurs. The platform—currently in private preview and going into GA soon—helps protect your autonomous workforce in these three ways:

  • Agent Monitoring automatically discovers custom agents like OpenClaw and those built on low code platforms like Microsoft Copilot or Amazon Bedrock. Agents are automatically discovered and mapped so you know exactly what they can touch and the actions they’ve taken.
  • Agent Governance provides a central command center to enforce real-time policies. You can define what an agent is allowed to do, receive instant alerts when an agent attempts to violate a security policy, or set up tool blocking to prevent adverse actions.
  • Agent Rewind is your "undo button" for AI. If an OpenClaw instance—or any other agent—makes a destructive mistake or is manipulated by a prompt injection, Rubrik allows you to perform a surgical, point-in-time recovery to reverse the damage instantly.


The era of autonomous agents is here. Don't let a bot open the back door into your enterprise. Interested in learning more?

  1. Get started by requesting access to Rubrik Agent Cloud
  2. Take a self-guided tour to see Agent Monitor, Agent Govern, and Agent Rewind in action
  3. Watch a short video to see Agent Cloud in action


Safe Harbor Statement
Any unreleased services or features referenced in this document are not currently available and may not be made generally available on time or at all, as may be determined in our sole discretion. Any such referenced services or features do not represent promises to deliver, commitments, or obligations of Rubrik, Inc. and may not be incorporated into any contract. Customers should make their purchase decisions based upon services and features that are currently generally available. 

