AI Agents Go Rogue: Your Work Machine is at Risk
21 Feb
Summary
- OpenClaw AI agents operate with root access, posing significant security risks.
- Prompt injection allows malicious instructions to hijack AI agent commands.
- Runlayer's ToolGuard aims to block AI execution risks in real-time.

OpenClaw, an AI agent launched in November 2025, has surged in popularity for autonomous tasks, with users communicating via messaging apps. Solopreneurs and enterprise employees are increasingly installing it on work machines, despite documented security risks. This surge has led to IT and security departments struggling against "shadow AI."
Runlayer, an enterprise AI startup, has introduced "OpenClaw for Enterprise" to address this, providing a governance layer for unmanaged AI agents. The core issue lies in OpenClaw's architecture, particularly its primary agent formerly known as "Clawdbot." Unlike standard LLMs, Clawdbot often has root-level shell access, acting as a "master key" with full system privileges. Without native sandboxing, sensitive data is vulnerable.
Runlayer CEO Andy Berman demonstrated a compromise in under an hour using simple prompting and prompt injection, where malicious instructions hijack the agent's logic. He noted that the point at which outright prohibition was viable passed in 2024: employees adopt these tools for their utility, much as they did with the BYOD trend.
Runlayer's solution, ToolGuard, offers real-time blocking with less than 100ms latency, analyzing tool execution outputs to catch dangerous commands. Internal benchmarks show a significant increase in prompt injection resistance. The platform integrates with enterprise identity providers and is SOC 2 and HIPAA certified.
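As an added illustration of the pre-execution gating the article attributes to ToolGuard, the guard below sits between an agent and its shell tool and enforces the two controls the article implies: deny-by-default least privilege for what the agent may run, and refusal of commands derived from untrusted tool output (the prompt-injection channel). This is example code written for this page, not Runlayer's or OpenClaw's; the allowlist, patterns and sample text are constructed.

```python
"""Deny-by-default guard for an AI agent's shell tool calls (constructed example)."""
import re
import shlex
from dataclasses import dataclass

# Constructed policy: the only binaries the agent may run unattended.
ALLOWED_BINARIES = {"ls", "cat", "grep", "git", "python3"}
# Privilege escalation, protected files, or setuid changes: blocked regardless of binary.
ESCALATION_RE = re.compile(
    r"\b(sudo|su|doas)\b|/etc/(passwd|shadow|sudoers)"
    r"|\bchmod\s+(?:[ugoa]*\+[rwx]*s|[4-7][0-7]{3})\b"
)
# Instruction-like phrases arriving through a tool result (web page, email, file).
INJECTION_RE = re.compile(
    r"ignore (all )?(previous|prior) instructions|you are now|system prompt", re.I
)


@dataclass
class Decision:
    allow: bool
    reason: str


def scan_tool_output(text: str) -> list[str]:
    """Return injection-like phrases found in data a tool returned to the agent."""
    return [m.group(0) for m in INJECTION_RE.finditer(text)]


def guard_shell_call(command: str, tainted: bool = False) -> Decision:
    """Decide whether the agent may execute `command`.

    tainted=True means the command text was influenced by untrusted tool output,
    so even an otherwise-allowed command is held for human approval.
    """
    try:
        argv = shlex.split(command)
    except ValueError as exc:
        return Decision(False, f"unparseable command: {exc}")
    if not argv:
        return Decision(False, "empty command")
    # Shell operators would let a second, unlisted command ride along with an allowed one.
    if re.search(r"[|;&`$<>()]", command):
        return Decision(False, "shell operators not allowed; one allowlisted binary per call")
    if ESCALATION_RE.search(command):
        return Decision(False, "privilege escalation or protected file access")
    binary = argv[0].rsplit("/", 1)[-1]
    if binary not in ALLOWED_BINARIES:
        return Decision(False, f"binary not allowlisted: {binary}")
    if tainted:
        return Decision(False, "command derived from untrusted tool output; needs approval")
    return Decision(True, "allowlisted and untainted")
```

In practice the `tainted` flag comes from tracking which tool results fed the model's most recent turn, and every decision is logged for the SIEM export the article mentions.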
Runlayer uses a platform fee model instead of per-user pricing to encourage wider adoption. Their solution is designed to be integrated into existing security stacks, offering auditability and export capabilities to SIEM vendors. Companies like Gusto have rebranded IT as an "AI transformation team" after partnering with Runlayer, enabling widespread, safe AI agent usage.