TL;DR: OpenClaw turns an AI assistant into an autonomous executor that can touch browsers, terminals, files, APIs, and enterprise systems, while NemoClaw adds sandboxing, policy enforcement, and routing controls to reduce blast radius, according to Backslash Security. The core governance problem remains shared responsibility: permissions, integrations, supply chain trust, and human oversight still determine whether agentic AI becomes controllable automation or an uncontrolled access path.
NHIMG editorial — based on content published by Backslash Security: NemoClaw vs. OpenClaw, and the security controls needed for autonomous agents
By the numbers:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%).
Questions worth separating out
Q: What breaks when AI agents are given broad standing access?
A: Broad standing access breaks governance because the agent can move from one task to another without a fresh authorization check.
Q: Why do AI agents complicate traditional IAM and PAM controls?
A: AI agents complicate IAM and PAM because they can make decisions, chain tools, and act faster than human review cycles can respond.
Q: What do teams get wrong about sandboxing autonomous AI agents?
A: Teams often confuse containment with trust.
Practitioner guidance
- Scope agent permissions to task-level access Assign the agent only the API scopes, filesystem rights, and tool permissions needed for a single workflow, then remove persistent access after the task completes.
- Validate every external tool before onboarding Require security review for MCP servers, skills, plugins, and generated dependencies before the agent can use them.
- Monitor agent actions as privileged activity Log every tool invocation, command, file change, and outbound connection the agent makes, then correlate those events with approvals and policy decisions.
What's in the full article
Backslash Security's full blog post covers the operational detail this post intentionally leaves for the source:
- Specific controls used in OpenClaw-style runtime hardening, including network, filesystem, process, and inference isolation.
- Detailed discussion of when deny-by-default egress and immutable system paths materially reduce agent blast radius.
- Practical guidance on validating MCP servers, skills, and other third-party integrations before production use.
- The article's own view on why agentic endpoint security and software supply chain controls must be deployed together.
👉 Read Backslash Security's analysis of NemoClaw and OpenClaw agent risk →
OpenClaw and NemoClaw: are your AI agent controls keeping up?
Explore further
Agentic AI is becoming an NHI governance problem, not just an AI security problem. Once an autonomous agent can authenticate to APIs, operate terminals, and invoke enterprise tools, it functions like a non-human identity with delegated authority. That means IAM and PAM controls must extend to agent runtime behavior, not just human login events. The practitioner conclusion is simple: if the agent can act, it must be governed like a privileged workload.
A question worth separating out:
Q: How should organizations approach the governance of AI agents?
A: Organizations should adopt a governance framework that incorporates continuous visibility, adaptive IAM practices, and stringent policy-based controls. This ensures that all agent actions are tracked, authorized appropriately, and assessed for compliance.
👉 Read our full editorial: NemoClaw and OpenClaw show why agent security needs layered controls