AI agent authorization gaps: are your controls keeping up?


(@nhi-mgmt-group)

TL;DR: OpenClaw's rapid adoption and the wider rise of shadow AI show that autonomous agents are already operating inside enterprise environments with access and actions that traditional IAM cannot govern, according to EnforceAuth. The core problem is not authentication at login but the broken assumption that access can be safely defined before runtime decisions begin.

NHIMG editorial — based on content published by EnforceAuth: OpenClaw isn't the problem. It's the proof

By the numbers:

Questions worth separating out

Q: What breaks when AI agents are governed only with login-based IAM?

A: Login-based IAM breaks because it stops at authentication and never evaluates the thousands of actions an autonomous agent may take after sign-in.

Q: Why do autonomous AI agents create more risk than ordinary automation?

A: Autonomous agents create more risk because they make independent runtime decisions about which tools to use, what actions to take, and when to take them.

Q: How do security teams know if AI identities are operating outside policy?

A: Security teams need telemetry that ties each agent action to an approved policy decision, the resource touched, and the delegation chain that led to the request.

Practitioner guidance

  • Map every AI identity to an owner and approval path: Record whether each agent uses human credentials, OAuth tokens, service accounts, or direct API keys, then assign an accountable business and security owner for each identity.
  • Move from login-based controls to per-action policy checks: Evaluate each agent command against context such as resource sensitivity, delegation chain, and current task scope, so the system decides whether the action is allowed at execution time.
  • Constrain inherited access before agents reach production: Review OAuth grants, cloud entitlements, and service permissions that agents inherit by default, then remove broad access that is not necessary for the task.

What's in the full article

EnforceAuth's full analysis covers the operational detail this post intentionally leaves for the source:

  • Policy-as-code implementation guidance for runtime authorisation across agent actions
  • Examples of how delegated credentials and OAuth tokens are handled in agent workflows
  • The article's own FAQ on decision-centric authorisation, shadow AI, and authorization gaps
  • Operational framing for teams considering enforcement without modifying the agents themselves

👉 Read EnforceAuth's analysis of AI agent authorization gaps and runtime control →
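
An added illustration of the per-action policy check and decision telemetry described in the practitioner guidance above. It is not part of the original post or EnforceAuth's code, and every agent name, policy field and sample value in it is hypothetical.

```python
from dataclasses import dataclass

# Every name, policy and value here is hypothetical, constructed for this example.
SENSITIVITY = {"public": 0, "internal": 1, "restricted": 2}

# One policy per registered agent identity, including its accountable owner.
POLICY = {
    "report-agent": {
        "id": "pol-001", "owner": "finance-ops",
        "verbs": {"read"}, "max_sensitivity": "internal",
        "delegators": {"alice@example.com"},
    },
}

@dataclass(frozen=True)
class Action:
    agent: str
    verb: str
    resource: str
    sensitivity: str             # a key of SENSITIVITY
    delegation_chain: tuple      # originating principal first, agent last
    task_scope: frozenset        # resources approved for the current task

def deny_reason(action, pol):
    """Return why the action is refused, or None if every check passes."""
    if pol is None:
        return "unregistered agent identity"
    chain = action.delegation_chain
    if len(chain) < 2 or chain[-1] != action.agent or chain[0] not in pol["delegators"]:
        return "delegation chain not approved"
    if action.verb not in pol["verbs"]:
        return "verb not permitted"
    level = SENSITIVITY.get(action.sensitivity)
    if level is None or level > SENSITIVITY[pol["max_sensitivity"]]:
        return "resource sensitivity exceeds policy"   # unknown label fails closed
    if action.resource not in action.task_scope:
        return "resource outside current task scope"
    return None

def authorize(action):
    """Decide one action at execution time; the return value is the audit record."""
    pol = POLICY.get(action.agent)
    reason = deny_reason(action, pol)
    return {
        "allow": reason is None, "reason": reason or "all checks passed",
        "policy_id": pol["id"] if pol else None,
        "owner": pol["owner"] if pol else None,
        "agent": action.agent, "verb": action.verb, "resource": action.resource,
        "delegation_chain": list(action.delegation_chain),
    }
```

The check runs on every action rather than once at sign-in, and a missing policy or unknown sensitivity label results in a denial that is still logged with the delegation chain.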
