
AI agent identity risk and runtime control: what changes now?


(@nhi-mgmt-group)

TL;DR: OpenClaw shows how an agentic loop can combine persistent memory, local-machine access, and autonomous action to create a security problem that conventional app consent models do not solve, according to 1Password. The broken assumption is that one-time approval can govern adaptive behaviour; once the agent changes context, that model no longer holds.

NHIMG editorial — based on content published by 1Password: OpenClaw, the locally running AI agent, and the security model it exposes

Questions worth separating out

Q: How should security teams govern AI agents that can act autonomously?

A: Security teams should govern AI agents as runtime identities, not as ordinary applications.

Q: Why do one-time consent screens fail for AI agents?

A: One-time consent screens fail because they assume future behaviour will match the original approval moment.

Q: What breaks when AI agent memory is stored in readable files?

A: Readable memory files expand the impact of a compromise far beyond a single token leak.

Practitioner guidance

  • Define agent identities as first-class subjects. Assign each agent its own identity, ownership, and audit trail so its actions are not collapsed into the human operator or a generic application account.
  • Move secrets out of plain-text agent storage. Do not leave API keys, session tokens, transcripts, or long-term memory in readable local files where infostealers can collect them in seconds.
  • Mediate access at runtime for each action. Require per-action authorization for sensitive tool use so the agent cannot rely on one approval to justify later context changes.

What's in the full article

1Password's full article covers the operational detail this post intentionally leaves for the source:

  • How OpenClaw stores memory, tokens, and configuration on disk in ways that change the threat model.
  • Why a dedicated Mac mini, separate email, and separate account were used to reduce blast radius.
  • How the agent’s autonomous loop changes what runtime mediation must look like in practice.
  • What 1Password proposes as the access mediation layer for agent identities.

👉 Read 1Password's analysis of OpenClaw, AI agent identity, and runtime access control →
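
A sketch of the per-action mediation and per-agent audit trail described in the practitioner guidance, added here as an illustration; it is not code from 1Password, OpenClaw, or the original post. The `Mediator` class, the agent ids, the tool names, and the sample action are all hypothetical and constructed for the example.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Assumed tool names; a real deployment would load these from policy.
SENSITIVE_TOOLS = {"send_email", "read_file", "run_shell"}

def action_digest(tool, args, task):
    """Hash exactly what was approved: the tool, its arguments and the task context."""
    blob = json.dumps({"tool": tool, "args": args, "task": task}, sort_keys=True)
    return hashlib.sha256(blob.encode()).hexdigest()

@dataclass
class Mediator:
    grants: dict = field(default_factory=dict)  # (agent_id, digest) -> expiry time
    audit: list = field(default_factory=list)   # one record per decision, per agent

    def approve(self, agent_id, tool, args, task, now, ttl=60):
        """Record a short-lived approval bound to one agent and one exact action."""
        self.grants[(agent_id, action_digest(tool, args, task))] = now + ttl

    def authorize(self, agent_id, tool, args, task, now):
        """Decide at call time; a grant is consumed on use and never covers a changed action."""
        if tool not in SENSITIVE_TOOLS:
            allowed = True
        else:
            expiry = self.grants.pop((agent_id, action_digest(tool, args, task)), None)
            allowed = expiry is not None and now <= expiry
        self.audit.append({"agent": agent_id, "tool": tool, "task": task, "allowed": allowed})
        return allowed

def demo():
    """Constructed scenario: one approval, then the agent's behaviour drifts."""
    m = Mediator()
    mail = {"to": "owner@example.test", "subject": "weekly summary"}
    m.approve("agent-7", "send_email", mail, "summarise inbox", now=0)
    decisions = [
        m.authorize("agent-7", "send_email", mail, "summarise inbox", now=10),  # as approved
        m.authorize("agent-7", "send_email", mail, "summarise inbox", now=11),  # grant reused
        m.authorize("agent-7", "send_email", {**mail, "to": "x@example.test"},
                    "summarise inbox", now=12),                                # arguments changed
        m.authorize("agent-7", "read_file", {"path": "notes.txt"},
                    "summarise inbox", now=13),                                # never approved
        m.authorize("agent-7", "list_calendar", {}, "summarise inbox", now=14),  # not sensitive
    ]
    return decisions, m.audit

if __name__ == "__main__":
    print(demo()[0])
```

Only the first call and the non-sensitive call are allowed; the reused grant, the changed recipient, and the unapproved tool are each denied and recorded against the agent's own identity.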
