So... Moltbot, now renamed OpenClaw, is getting more coverage. First, from Dark Reading: “OpenClaw AI Runs Wild In Business Environments”. Token Security has identified that about 22% of employees at its customer companies are using OpenClaw, raising concerns about potential shadow IT threats. Cybersecurity experts warn that OpenClaw’s capabilities, such as executing terminal commands and controlling browsers, could be exploited, especially if users grant it access to sensitive data without proper safeguards. Companies are advised to implement stringent IT security measures to manage these AI agents effectively and reduce the risks associated with their use.
From The Verge, “There’s a social network for AI agents, and it’s getting weird” sums it up. A new social network called Moltbook has emerged specifically for artificial intelligence agents, allowing over 30,000 bots to interact in a forum-like environment. Built by Matt Schlicht, CEO of Octane AI, the platform operates similarly to Reddit, enabling bots to post and comment without a visual interface, relying on APIs instead.
Why do we care?
Twenty-two percent. Let that number sink in.
Nearly a quarter of employees at Token Security’s customer base—organizations that pay for security products—are running an autonomous AI agent that can execute terminal commands and control their browser. Without IT knowing. Without anyone approving it. Without any governance whatsoever.
This isn’t Dropbox-era shadow IT. OpenClaw executes commands with employee credentials and sends context somewhere you don’t control. Terminal commands plus browser control means OpenClaw has whatever access that employee has—scripts, files, session tokens, saved passwords, every SaaS app. The attack surface is their permissions, now in an AI’s hands.
Here’s what I need you to focus on: the demand is real. They installed it because they want automation capabilities that IT isn’t providing. Block OpenClaw tomorrow, they’ll find the next agent next week. The 22% adoption rate is a signal that your clients’ employees are desperate for this level of automation.
Here’s the opportunity: those employees just showed you what they’ll pay for—in risk, in workarounds, in productivity they’re chasing. 22% unsanctioned adoption means 22% qualified leads for a sanctioned alternative. Show up with governed automation or lose them to someone who did.
The concrete behavior that will hurt you: You see this headline, you add “block OpenClaw” to your security checklist, and you move on. You’ve addressed the symptom while ignoring the disease. The disease is that employees want automation you’re not providing, and they’ll route around your controls to get it.
The correct response is building an agent governance framework. Approved agents, permission boundaries, audit logging, incident response procedures. This isn’t just a security control—it’s a new service offering. You’re not selling “we block AI.” You’re selling “we help you use AI without destroying your business.”
Audit your endpoints this week. The 22% figure means you almost certainly have exposure you haven’t found yet. And when you find it, don’t just block it—understand what those employees were trying to accomplish. That’s your roadmap for what managed automation services to offer.

