TL;DR: OpenClaw-style agents collapse the boundary between personal AI experiments and enterprise infrastructure, aggregating emails, files, calendars, SaaS permissions, tokens, and cloud credentials into one always-on execution plane, according to Cyera's research. The security model fails when organizations treat these agents as convenience tools instead of high-privilege non-human identities with broad, persistent reach.
NHIMG editorial — based on content published by Cyera: The OpenClaw Security Saga: How AI Adoption Outpaced Security Boundaries
By the numbers:
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps.
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job.
Questions worth separating out
A: The agent stops being a convenience layer and becomes a privileged identity with the ability to read, move, or export data across multiple systems.
Q: Why do AI agents complicate least-privilege governance more than normal SaaS integrations?
A: Because the agent reuses delegated permissions automatically and can combine them across content, collaboration, and cloud services in ways that are hard to predict at provisioning time.
Q: What do security teams get wrong about AI skills and plugins?
A: They often treat skills and plugins as optional add-ons instead of part of the access model.
Practitioner guidance
- Inventory agentic access paths: Map every AI assistant, plugin, and workflow that can reach email, documents, chat, cloud APIs, or finance systems, then assign an owner and business purpose to each path.
- Restrict broad delegated scopes: Remove workspace-wide or full-drive permissions where a narrower consent model will do, and separate read-only workflows from write-capable ones.
- Block untrusted content from privileged execution: Require explicit approval when an agent encounters external email, shared documents, or chat messages that can influence high-risk actions.
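The three steps above as one audit routine, added here as an example and not code from Cyera or NHIMG: it flags agent identities with no recorded owner, workspace-wide scopes, and identities that combine a channel for external content (email, chat, shared documents) with write-capable scopes and no approval gate. The scope strings are illustrative Google Workspace and Microsoft Graph scope names, and the inventory is constructed sample data.

```python
from dataclasses import dataclass

# Workspace-wide grants that a narrower consent could usually replace.
BROAD_SCOPES = {
    "https://mail.google.com/",               # full Gmail mailbox
    "https://www.googleapis.com/auth/drive",  # full Drive
    "Mail.ReadWrite", "Files.ReadWrite.All", "Sites.ReadWrite.All",
}
# Services through which externally authored content (email, chat, shared
# documents) reaches the agent and can influence what it does next.
EXTERNAL_CONTENT = ("mail", "gmail", "chat", "files", "drive", "sites")

@dataclass
class AgentGrant:
    name: str
    scopes: set
    owner: str = ""              # accountable human owner of this access path
    approval_gate: bool = False  # human approval required before high-risk actions

def is_write(scope):
    # Scope lets the agent alter, send or export data.
    return scope in BROAD_SCOPES or "ReadWrite" in scope or scope.endswith(".Send")

def reads_external(scope):
    # Scope delivers externally authored content; a send-only scope does not.
    return any(m in scope.lower() for m in EXTERNAL_CONTENT) and not scope.endswith(".Send")

def audit(grant):
    """Return governance findings for one agent identity (empty list = clean)."""
    findings = []
    if not grant.owner:
        findings.append("no owner or business purpose recorded")
    for s in sorted(grant.scopes & BROAD_SCOPES):
        findings.append(f"broad scope {s}: narrow the consent")
    writes = {s for s in grant.scopes if is_write(s)}
    reads = {s for s in grant.scopes if reads_external(s)}
    if writes and reads:
        findings.append("read and write in one identity: split the workflows")
        if not grant.approval_gate:
            findings.append("external content can drive write actions without approval")
    return findings

# Constructed inventory of agentic access paths (sample data, not real grants).
INVENTORY = [
    AgentGrant("ops-assistant", {"https://mail.google.com/",
                                 "https://www.googleapis.com/auth/drive.readonly"}),
    AgentGrant("digest-bot", {"https://www.googleapis.com/auth/gmail.readonly"}, owner="it-ops"),
    AgentGrant("ticket-bot", {"Mail.Read", "Mail.Send"}, owner="servicedesk", approval_gate=True),
]

def audit_inventory(inventory=INVENTORY):
    return {g.name: audit(g) for g in inventory}
```

Calling `audit_inventory()` returns findings per agent; the ownerless assistant with a full-mailbox scope collects four findings while the read-only digest bot passes clean.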
What's in the full article
Cyera's full research covers the operational detail this post intentionally leaves for the source:
- The full inventory of exposed OpenClaw-style instances and the infrastructure patterns behind them.
- The detailed skill marketplace analysis, including specific privilege requests and malicious extension behaviour.
- The vulnerability references, proof-of-concept context, and misconfiguration examples that support the attack chain.
- The research team's observations on how community adoption and plugin growth changed the exposure profile over time.
👉 Read Cyera's research on OpenClaw and AI agent security boundaries →
OpenClaw and shadow enterprise AI: are NHI controls keeping up?
Explore further
OpenClaw is a non-human identity problem before it is an application problem. The article shows an agent that accumulates delegated access, secrets, and plugin authority across collaboration systems, which is exactly how NHI risk becomes operational rather than theoretical. OWASP NHI guidance and zero trust architecture both matter here because the boundary being crossed is identity authority, not just software functionality. Practitioners should classify these agents as privileged NHIs from the point of onboarding.
A few things that frame the scale:
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to The 2026 Infrastructure Identity Survey.
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
A question worth separating out:
Q: How should organisations offboard a shadow AI tool that was connected to company systems?
A: They should revoke OAuth grants, remove app registrations, rotate exposed secrets, and verify that no forwarding rules, shared tokens, or plugin permissions remain in place. Offboarding has to cover both the tool and the identity bindings it accumulated, or the agent can keep acting long after the project is abandoned.
👉 Read our full editorial: OpenClaw shows how AI agents become high-privilege NHI actors