22% of Your Employees Are Using OpenClaw. Here's Why IT Should Care.

OpenClaw—the viral open-source AI assistant formerly known as ClawdBot and Moltbot—has taken the tech world by storm. With 160,000+ GitHub stars and breathless media coverage, it's the AI tool everyone's talking about. But there's a problem: your employees are probably already using it, and IT has no idea.
According to security firm Token Security, 22% of enterprise customers have employees actively running OpenClaw—likely without IT approval. This isn't just a policy violation. It's a genuine security risk that every IT leader needs to understand.
Why OpenClaw Is Different: Unlike ChatGPT or other cloud AI tools, OpenClaw runs directly on users' machines with unrestricted system access. It can execute shell commands, read and write files, and run scripts. When an employee installs it on their work laptop, they're giving an AI agent the keys to potentially sensitive corporate data.
The Security Research Is Alarming: Cisco's security team called personal AI agents like OpenClaw "a security nightmare." Palo Alto Networks researchers found exposed gateways, plaintext credentials, and OAuth tokens in enterprise deployments. A critical vulnerability (CVE-2026-25253) allowed attackers to hijack OpenClaw sessions.
Shadow AI Is the New Shadow IT: Remember when employees started using Dropbox before IT approved it? OpenClaw is the AI equivalent—except the risks are significantly higher. Traditional shadow IT exposed files. Shadow AI exposes everything on the machine, plus the ability to take automated actions.
The Skills Marketplace Problem: OpenClaw's "skills" are community-created plugins that extend its capabilities. Sound familiar? It's like browser extensions—except with root-level system access. Security researchers have already identified malicious skills designed to exfiltrate data.
What IT Should Do: First, audit for OpenClaw presence. Check for the application on employee machines. Second, establish clear AI tool policies. Define what's approved and what's not. Third, provide sanctioned alternatives. Employees want AI assistance—give them secure options.
The Right Approach: Banning AI tools outright doesn't work. Employees will find workarounds. Instead, provide tools that meet their needs while maintaining security. Convoe's Kai and Tai offer AI assistance within a secure, IT-managed environment.
Kai understands your workspace context without requiring system-level access. It works within Convoe's secure environment, respects data boundaries, and gives IT visibility into AI usage. Your employees get the AI productivity boost they want. You get the security and oversight you need.
The bottom line: Your employees want AI assistants. The question isn't whether they'll use them—it's whether they'll use approved tools or shadow AI like OpenClaw. Make it easy to choose the right path.
David Park
Head of Security