AI is moving faster than your security policies

Artificial intelligence is moving faster than most businesses can realistically keep up with. Every week there seems to be another tool promising to automate your inbox, manage your calendar, respond to emails, and streamline your workflow. The pitch is simple: connect your accounts, give the AI access, and let it start working for you.

For a busy business owner, that promise is incredibly appealing.

Recently, I almost handed one of those tools the keys to my entire company. Thankfully, my IT team stepped in before I did.

I’ve spent more than a decade working in the PHCP/PVF industry, first on the manufacturer side and now running a marketing agency that serves manufacturers and rep firms across North America. Over the years I’ve watched our industry slowly adopt new technology — from websites and digital catalogs to CRM systems and social media. AI is simply the next wave. But like every wave of technology before it, the tools arriving first are not always the ones businesses should trust immediately.

Last month I started hearing more chatter about a new AI assistant called OpenClaw. Around the same time, the tech world was also discussing Anthropic’s Claude model and the broader conversation around AI guardrails, safety restrictions, and how powerful AI systems should be deployed responsibly.

As someone who runs a marketing agency and pays close attention to emerging technology, the discussion caught my attention. Like many business owners right now, I found myself asking a simple question: Could AI actually help run parts of the business?

Tools like OpenClaw promise exactly that.

Unlike traditional chat-based AI systems, autonomous AI agents can connect directly to the digital tools we use every day. Once connected, they can read and send email, manage calendars, interact with collaboration platforms like Slack or Teams, browse the web, and even execute tasks on your computer.

In theory, it’s like hiring a digital assistant that never sleeps.

For anyone running a business, that idea is hard to ignore. We’re constantly looking for ways to improve efficiency, remove friction, and keep things moving forward. When I first read about OpenClaw, I started thinking about the possibilities. So I decided to experiment.

I purchased a Mac Mini specifically to test AI agents in a controlled environment. My plan was to isolate the system from my primary devices, set up an agent, and see what these tools could actually do.

At the time, it felt like exactly the kind of bold experimentation entrepreneurs should be doing. Then my IT company stepped in.

This is Not an anti-AI story

Before going further, it’s important to clarify something: this is not an anti-AI story.

My company uses artificial intelligence every single day. As a marketing agency, we rely on tools like ChatGPT, Midjourney, HeyGen, and the automation features inside our CRM platform to help us work faster and deliver stronger results for our clients. AI has already become a meaningful productivity tool inside our business, helping us create imagery, generate ideas, and streamline internal processes.

That’s exactly why OpenClaw caught my attention.

What made the platform interesting wasn’t the novelty of AI itself. It was the idea of taking automation a step further. OpenClaw promised something closer to a true autonomous assistant — a system capable of connecting multiple tools and operating across them automatically.

For a business owner juggling dozens of moving pieces every day, that sounds incredibly powerful. Imagine an assistant scheduling meetings, organizing communication, managing tasks, and handling routine workflows behind the scenes.

That vision is what pulled me in.

But there is an important difference between the AI tools many companies use today and the type of autonomous system OpenClaw represents. Most AI tools operate within controlled environments. You ask a question, the system generates a response, and you decide what to do with that information.

OpenClaw works differently. Instead of simply generating ideas, it can take actions across connected systems. And that’s where the risk begins.

The conversation that changed my mind

When I mentioned my plan to my IT company, their reaction was immediate. They didn’t just say it was risky, they walked me through exactly why. Their recommendation was clear: do not connect OpenClaw to work accounts at this time.

The concern wasn’t theoretical. It was practical. If an autonomous AI agent has access to email, files, calendars, messaging platforms, and other digital tools, a compromise could potentially affect every connected system.

In situations like that, remediation becomes extremely difficult. It’s not as simple as resetting a password or locking down a single account. Once an AI agent has broad permissions across multiple platforms, the potential exposure becomes much larger.

According to security researchers, those risks are already appearing in real-world scenarios.

The “sharp edges” of OpenClaw

Even OpenClaw’s own creator has acknowledged that the system is still a work in progress. In developer discussions, the creator reportedly warned that “most non-techies should not install this” and admitted the project still has significant “sharp edges.”

Security researchers have been exploring exactly what those sharp edges look like. One major concern is the level of access the system requires. OpenClaw connects directly to tools like email, messaging platforms, calendars, development environments, and cloud services. Once connected, it can read, write, and act across those systems.

Researchers at Bitsight demonstrated that they could prompt an OpenClaw instance to reveal stored passwords and API keys. If someone gained access to the system itself, they could potentially gain access to everything it was connected to — email accounts, Slack channels, GitHub repositories, calendars, and more.

At the same time, attackers have already begun targeting the platform.

Reporting from The Hacker News indicates that malware has been created specifically to steal OpenClaw configuration files, which contain credentials for connected services. A single compromised configuration file could potentially unlock multiple systems at once.

The plugin ecosystem introduces another layer of risk. OpenClaw allows users to install community-created add-ons known as “skills.” While these extensions expand functionality, they also create opportunities for malicious code.

Researchers at Cisco analyzed one skill that had been boosted to the number-one ranking and discovered it was quietly exporting user data to an external server. A separate study found that roughly 15% of community skills contained malicious instructions.

Another emerging concern is something called prompt injection. This technique allows attackers to hide instructions inside emails, documents, or web pages that the AI interprets as commands. If an AI agent reads that content automatically, it may follow those instructions without the user realizing it.

In practice, that means a malicious email could contain hidden prompts instructing the AI to retrieve files, share information, or execute commands.

Security researchers have also discovered thousands of OpenClaw installations unintentionally exposed on the internet. Bitsight identified more than 30,000 exposed instances in under two weeks, and some test systems began receiving attack attempts within minutes of being deployed.

Even the platform’s own documentation acknowledges limitations. Earlier versions did not require passwords, and the system still allows extremely weak password configurations. The documentation itself notes that there is no “perfectly secure” setup.

For businesses handling sensitive information, that’s not a reassuring starting point.

A surprising moment at the Apple Store

After learning more about the risks, I decided not to move forward with the experiment. I packed up the Mac Mini and brought it back to the Apple Store. While processing the return, the employee helping me mentioned something interesting. Apparently, I wasn’t the first person to do this.

They explained that several customers had recently purchased systems specifically to experiment with OpenClaw and later returned them after learning more about the security concerns.

That moment stuck with me because it revealed something important about what’s happening in the business world right now. Business owners are incredibly curious about AI. They’re excited about the productivity gains and the possibilities these tools offer.

But many are discovering the risks after they’ve already begun experimenting. In my case, I was fortunate to have an IT team that raised the red flag before anything was connected to real accounts. Not every business has that guidance.

What major companies are doing

This caution isn’t coming from just one IT department. According to WIRED, several organizations have already banned OpenClaw from work devices. Meta reportedly warned employees not to install the software on corporate machines.

Research firm Gartner described OpenClaw as “a dangerous preview of agentic AI,” warning that systems like it may be “insecure by default.”

Publications including PCWorld and American Banker have also raised concerns about the risks associated with connecting the tool to professional environments.

The bottom line

Artificial intelligence is going to transform how businesses operate. There’s no question about that. We’re already seeing it.

My company uses AI every day to create imagery, automate processes, and serve clients more efficiently. Used properly, these tools are incredibly powerful. But power without guardrails creates risk.

My short-lived experiment with OpenClaw reminded me of something every business owner should remember: just because a technology exists doesn’t mean it’s ready to run your company.

Right now AI is evolving faster than the policies, security systems, and safeguards designed to manage it. The smartest companies won’t ignore AI, they also won’t hand over the keys to their business until the technology proves it can be trusted with them.