OpenClaw and AI agents: what IAM teams are missing


(@nhi-mgmt-group)

TL;DR: OpenClaw’s postmortem shows that 21,639 exposed instances, plaintext credentials, and a 1.5 million-agent platform can turn AI agent adoption into an ungoverned NHI problem, according to Clutch Security. The deeper issue is that agent governance assumes stable identity, reviewable access, and human checkpoints, all of which collapse when tools act at runtime without those constraints.

NHIMG editorial — based on content published by Clutch Security: OpenClaw Broke the Internet. The Postmortem Should Break Your Assumptions

By the numbers:

Questions worth separating out

Q: What breaks when AI agents are treated like ordinary service accounts?

A: What breaks is the assumption that the identity is static, inspectable, and easy to recertify.

Q: Why do AI agents complicate NHI governance more than other workloads?

A: They complicate governance because they combine credentials, execution, and decision-making in one runtime.

Q: How do security teams know whether an agent identity is actually governed?

A: An agent identity is governed only when teams can identify the owner, locate the credentials, define the allowed scope, and revoke access without hunting across endpoints or backup files.

Practitioner guidance

  • Classify agent platforms as governed non-human identities: Assign owners, scopes, and lifecycle states to every agent instance, including local test deployments that can reach production systems.
  • Eliminate plaintext secret storage in agent runtimes: Move API keys, OAuth tokens, and messaging credentials out of Markdown, JSON, and backup-readable local files.
  • Review agent extensions like privileged software supply chain inputs: Require provenance checks, approval workflows, and revocation paths for skills, plugins, and extensions that can influence agent behavior or access.

What's in the full article

Clutch Security's full blog post covers the operational detail this post intentionally leaves for the source:

  • The exact exploit paths behind OpenClaw's exposed backend, plaintext secrets, and control UI behaviour.
  • Examples of malicious skills, extension abuse, and distribution mistakes that widened the attack surface.
  • The broader MCP and endpoint adoption patterns that made agent compromise easier to miss in practice.
  • The specific mitigation steps and detection ideas the vendor discusses for agent-heavy environments.

👉 Read Clutch Security's analysis of OpenClaw and compromised AI agent identities →

Quote
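Added example, not part of the original post or of Clutch Security's article: a minimal audit for the "eliminate plaintext secret storage" guidance above, which walks an agent runtime directory and reports credential-looking literals in Markdown, JSON, and backup files with the value redacted. The directory layout, backup suffix list, key-name heuristic, and every sample value are assumptions constructed for illustration; references such as `${VAR}` are not reported because they fall outside the matched value characters.

```python
import re
import tempfile
from pathlib import Path

# File types the guidance names, plus backup suffixes (an assumed list).
SCAN_SUFFIXES = {".md", ".json", ".bak", ".old", ".orig"}

# Assumed heuristic: credential-looking key, then a literal of 16+ characters.
SECRET_RE = re.compile(r"""(?ix)
    ["']?(?P<key>[\w.-]*(?:api[_-]?key|token|secret|password)[\w.-]*)["']?
    \s*[:=]\s*
    ["']?(?P<value>[A-Za-z0-9_\-./+=]{16,})
""")

def redact(value):
    """Keep enough to recognise the secret without copying it into a report."""
    return f"{value[:4]}**** ({len(value)} chars)"

def scan_tree(root):
    """Return one finding per plaintext credential found under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCAN_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for m in SECRET_RE.finditer(line):
                findings.append({"file": path.relative_to(root).as_posix(),
                                 "line": lineno, "key": m.group("key"),
                                 "preview": redact(m.group("value"))})
    return findings

def demo():
    """Scan a constructed agent directory; every value below is made up."""
    samples = {
        "agent/config.json": '{"model": "x", "api_key": "CONSTRUCTED-KEY-VALUE-0001"}',
        "agent/config.json.bak": '{"oauth_token": "CONSTRUCTED-OAUTH-VALUE-0003"}',
        "agent/notes.md": "# Setup\nSlack token: CONSTRUCTED-SLACK-TOKEN-0002\n",
        "agent/safe.json": '{"api_key": "${AGENT_API_KEY}"}',
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan_tree(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Each finding is a credential to rotate and move into a secret store, not just a line to delete, since backup copies may persist after the primary file is cleaned.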
(@mr-nhi)

OpenClaw validates that agent platforms are NHI programmes with a user interface, not a separate security category. The article describes API keys, OAuth tokens, and backend credentials as the operational core of the system, which is exactly how non-human identities behave in real environments. Once the agent can touch messaging, files, shell, and browser sessions, the governance problem becomes identity sprawl, not novelty. Practitioners should stop treating agent projects as side experiments and classify them as governed NHI surfaces.

A few things that frame the scale:

  • 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
  • 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, including 38% with no or low visibility and 47% with only partial visibility.

A question worth separating out:

Q: When should organisations treat an AI agent as too risky for broad access?

A: They should treat it as too risky when it must read untrusted content, execute external actions, and store reusable credentials in the same environment. That combination produces a large identity blast radius and weakens human review as a control. Broad access is hardest to justify when the agent has no strong containment boundary.

👉 Read our full editorial: OpenClaw shows how agentic AI breaks NHI assumptions



   