TL;DR: OpenClaw-style AI agents can control devices, call services, and chain tool use at machine speed, which shifts identity risk from user behaviour to runtime access patterns, according to Orchid Security. The real problem is that access review, static privilege, and human-paced governance all assume a stable actor, not an agent that can replan mid-session.
NHIMG editorial — based on content published by Orchid Security: LLMjacking and OpenClaw identity risk analysis
Questions worth separating out
Q: What breaks when AI agents are given broad runtime access without human approval gates?
A: What breaks first is the assumption that access can be reviewed before it is abused.
Q: Why do AI agents complicate enterprise identity governance?
A: AI agents complicate identity governance because they can combine identity, tool use, and timing at runtime rather than following a fixed script.
Q: How can security teams tell whether agent access is actually under control?
A: Look for evidence that the team can trace every tool call, secret use, and cross-system action back to a named owner and a valid approval path.
Practitioner guidance
- Classify agent runtime permissions as an identity control plane: inventory every tool, file scope, messaging channel, browser action, and sub-agent permission that an AI system can reach.
- Reduce the blast radius of secrets exposed to agents: separate secrets used for human workflows from secrets available to agent workflows, and isolate client secrets, tokens, and credentials behind distinct service accounts with narrow scopes.
- Constrain cross-tool chaining before deployment: block agents from moving freely between messaging, browser control, infrastructure commands, and memory systems unless each transition is explicitly justified.
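The three guidance points above, and the traceability question earlier on the page (can every tool call be tied to a named owner and an approval path?), can be expressed as one runtime policy gate that sits between the agent and its tools. The block below is an added illustration written for this editorial; it is not code from Orchid Security, OpenClaw, or the report the page cites. The tool names, the owner and approval values, the "agent" versus "human" secret scopes, and the allowed-transition table are all constructed for the example.

```python
"""Added example: a minimal runtime policy gate for AI agent tool calls.

Not Orchid Security's or OpenClaw's code. Every grant, owner, approval id and
transition rule below is a constructed sample, not a real environment.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class ToolGrant:
    """One inventoried permission an agent may reach (guidance point 1)."""
    tool: str          # e.g. "mail.read"; the prefix is the tool category
    owner: str         # named human accountable for this permission
    approval: str      # approval path that justified the grant (constructed id)
    secret_scope: str  # "agent" or "human": agents may only use agent-scoped secrets


@dataclass(frozen=True)
class AuditEvent:
    """Audit record: every decision traces to an owner and approval when allowed."""
    ts: str
    agent: str
    tool: str
    decision: str      # "allow" or "deny"
    reason: str
    owner: Optional[str]
    approval: Optional[str]


class AgentPolicyGate:
    def __init__(self, grants: Iterable[ToolGrant],
                 allowed_transitions: Iterable[Tuple[str, str]]) -> None:
        self.grants: Dict[str, ToolGrant] = {g.tool: g for g in grants}
        # (from_category, to_category) pairs that were explicitly justified (point 3)
        self.allowed: Set[Tuple[str, str]] = set(allowed_transitions)
        self.last_category: Dict[str, str] = {}   # agent -> category of last allowed call
        self.audit: List[AuditEvent] = []

    @staticmethod
    def category(tool: str) -> str:
        return tool.split(".", 1)[0]

    def _record(self, agent: str, tool: str, decision: str, reason: str,
                grant: Optional[ToolGrant] = None) -> AuditEvent:
        ev = AuditEvent(datetime.now(timezone.utc).isoformat(), agent, tool, decision,
                        reason, grant.owner if grant else None,
                        grant.approval if grant else None)
        self.audit.append(ev)
        return ev

    def check(self, agent: str, tool: str) -> AuditEvent:
        """Evaluate one tool call; a denied call does not advance the chain state."""
        grant = self.grants.get(tool)
        if grant is None:
            return self._record(agent, tool, "deny", "tool not in inventory")
        if grant.secret_scope != "agent":
            # Point 2: human-workflow secrets are never reachable from an agent session
            return self._record(agent, tool, "deny", "secret is human-scoped", grant)
        prev = self.last_category.get(agent, "start")
        nxt = self.category(tool)
        if prev != nxt and (prev, nxt) not in self.allowed:
            return self._record(agent, tool, "deny",
                                f"transition {prev}->{nxt} not justified", grant)
        self.last_category[agent] = nxt
        return self._record(agent, tool, "allow", "grant and transition valid", grant)

    def trace(self, agent: str) -> List[AuditEvent]:
        return [e for e in self.audit if e.agent == agent]


def build_sample_gate() -> AgentPolicyGate:
    """Constructed inventory and transition table; owners and ids are placeholders."""
    grants = [
        ToolGrant("mail.read", "owner-a", "APPROVAL-PLACEHOLDER-1", "agent"),
        ToolGrant("files.read", "owner-b", "APPROVAL-PLACEHOLDER-2", "agent"),
        ToolGrant("memory.write", "owner-b", "APPROVAL-PLACEHOLDER-3", "agent"),
        ToolGrant("browser.open", "owner-c", "APPROVAL-PLACEHOLDER-4", "agent"),
        ToolGrant("infra.exec", "owner-d", "APPROVAL-PLACEHOLDER-5", "human"),
    ]
    transitions = [("start", "mail"), ("start", "browser"), ("mail", "files"),
                   ("files", "memory"), ("browser", "memory")]
    return AgentPolicyGate(grants, transitions)


def run_sample_session(gate: AgentPolicyGate, agent: str = "agent-1") -> List[str]:
    """Replay a constructed agent session and return the decision per call."""
    calls = ["mail.read", "files.read", "infra.exec", "browser.open",
             "memory.write", "directory.list"]
    return [gate.check(agent, t).decision for t in calls]


if __name__ == "__main__":
    g = build_sample_gate()
    run_sample_session(g)
    for e in g.trace("agent-1"):
        print(e.decision, e.tool, e.reason, e.owner, e.approval)
```

The session shows each control firing: the mail to files move is allowed because it was justified, the infrastructure command is refused because its secret is human-scoped, the jump from files to the browser is refused as an unjustified transition, and an uninventoried tool is refused outright. Every allowed event carries the owner and approval path, which is the evidence the page says a team should be able to produce.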
What's in the full article
Orchid Security's full blog post covers the simulation detail this post intentionally leaves for the source:
- The step-by-step OpenClaw lab setup showing how the agent was configured to access enterprise-like tools and data.
- The side-by-side comparison of OpenClaw and Claude Code system prompts, including how trust model and tool breadth affect behaviour.
- The full credential-exposure walkthrough showing how a leaked secret can become mailbox, file, and directory access.
- The source article's references and test notes for readers who want to inspect the experiment design in detail.
👉 Read Orchid Security's analysis of OpenClaw, agentic access, and identity risk →
AI agent identity risk: are your controls keeping up?
Explore further
AI agent identity risk is really a runtime governance problem, not a model-quality problem. The article makes clear that the decisive issue is not whether the agent sounds competent, but whether it can select tools, discover secrets, and act before humans can intervene. That shifts the governance focus from prompt safety to identity controls around execution scope, tool access, and credential handling. Practitioners should treat agent behaviour as an identity event stream, not an AI novelty.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
- 52 NHI breach case studies show that exposed identities and over-permissioned access repeatedly turn small initial mistakes into broad compromise.
A question worth separating out:
Q: Who is accountable when an AI agent uses a stolen or over-permissioned credential?
A: Accountability sits with the organisation that allowed the credential to exist, remain broad, or be reachable by the agent. The key issue is lifecycle ownership across service accounts, tokens, and app registrations. If no one owns issuance, scope, and revocation, the agent simply exposes a governance gap that was already there.
👉 Read our full editorial: AI agent identity risk is outpacing enterprise IAM controls