OpenClaw in companies: opportunities and limits of the AI agent

- As an AI agent, OpenClaw has capabilities that go beyond creating text or code.
- The open-source tool from Austria performs tasks independently and uses business tools to do so.
- The more independently the agent is allowed to act and the more deeply integrated he is, the greater the risks for cybersecurity in companies.
- Recommendation: OpenClaw is currently only conditionally suitable for productive use in companies.
- Anyone planning to use AI agents or browsers should consult AI experts and secure themselves as much as possible with AI governance, limited rights, and robust security and privacy controls.
What is OpenClaw?
OpenClaw is artificial intelligence Made in Austria: There, programmer Peter Steinberger has a AI kit developed, which since the end of 2025 as open source software is available. OpenClaw's AI workflow is based on AI models from providers such as OpenAI or Google and, once set up, automatically sends emails, write programs or organize files.
With OpenClaw, the Next generation of AI systems the market: so-called AI agents, which, among other things, in AI browsers How Perplexity works and goes beyond classic AI applications. In addition to analyses or creating texts carry out complex tasks independently.
Why is OpenClaw being critically discussed?
In theory, the new generation of AI promises big efficiency gains. In practice, however, OpenClaw needs Access to external applications such as email programs, local file storage, APIs, or password managers. In order to be able to work in these environments, so-called Skills required: These AI agent extensions provide additional functions, but pose numerous security risks for companies.
How does OpenClaw jeopardize companies' information security?
OpenClaw's risks arise from the combination of several factors. The agent penetrates deeply into systems, works with sensitive access data and can often be flexibly expanded without traditional security limits.
This creates numerous risks to information security within companies.
The following 5 dangers You should know in order to be able to consider whether the risks are worth implementing AI workflows with OpenClaw:
1. Overprivilege: When the agent is allowed to do too much
OpenClaw becomes critical where the agent far-reaching rights up to administrator rights receives. If attackers gain access to the agent, they would benefit from exactly these rights: Instead of having to laboriously work their way through various protection mechanisms, they use the agent as a shortcut.
2. Attack surface: When devices become entry gates
Since OpenClaw is based on various terminal devices security depends more on the respective laptop or PC than on the network. Every device on which the agent is active is thus turned into a additional entry point into company data and systems, which attackers could easily use as doors to connected tools.
3. Skills: When skills become a contagious risk
The skills that can be used to expand OpenClaw's functional world increase the possibilities of using the agent. However, they are critical from a security perspective. Because technically, it is simply executable code.
The problem: If a user unknowingly installs a manipulated skill, in the worst case scenario, it can How malware behaves and gain access to data, systems, and other functions. It becomes particularly critical when the agent can independently access external sources, reload software, or install dependencies. As a result, manipulated extensions can Inject malicious code, which affects many individual devices in the company at the same time.
4. Data leakage: When login data is also stored unnoticed
In order for OpenClaw to perform tasks, the agent works with Login data such as API tokens, cloud keys, or integration data. Such login data can be inadvertently stored or shared during use — for example in logs, configuration files, or shared work environments. If they get outside, attackers have easy play and direct access to corporate systems.
5. Governance: When manipulation and “shadow AI” threaten companies
AI agents are vulnerable to manipulation. Prompt injections are the best example: This is where attackers embed hidden instructions in web pages or documents that the agent interprets as a legitimate task. This can cause OpenClaw to share data with unauthorized parties or perform unwanted actions.
This risk is reinforced by characteristics such as the persistent context, i.e. the agent's “memory.” Attackers can manipulate stored information or exploit them in the long term, which makes their attacks more difficult to identify and understand.
There is also a practical problem in companies: Will tools such as OpenClaw used without clear rules and control, is created quickly Shadow AI.
What does OpenClaw mean for corporate data protection?
Since OpenClaw is able to search data and operate systems independently, this results in multiple risks to GDPR compliance for companies.
- Data minimization and purpose limitation: To the Principles of the GDPR This includes, among other things, the processing of personal data to the extent necessary. However, autonomous agents are designed to to search large amounts of data. If OpenClaw does not clearly regulate data access, the agent may “see” data that is irrelevant to its task.
- Third country transfer: In many setups, OpenClaw is the executing layer, while data processing takes place at external providers. As soon as personal data is transmitted to service providers, standard contractual clauses and Order processing contracts necessary.
- Data protection impact assessment: Using OpenClaw potentially poses an increased risk for Rights and freedoms of data subjects Dar. This is especially true if the AI agent is to process customer or employee data. In this case, the GDPR requires a Data protection impact assessment, which analyses risks and documents measures to contain risks.
A key problem with AI applications is check. Remain companies legally responsible for data processing, even when an agent acts independently. However, dynamic data flows into AI agents make transparency about compliance with the GDPR difficult. In addition, manipulated AI agents are at risk of Data protection incidents, which may result in fines.
How do regulators assess OpenClaw?
The described IT and data protection risks have now also been confirmed by supervisory authorities. D e Dutch data protection authority Autoriteit Persoonsgegevens warns expressly before using OpenClaw and similar AI agents, as they often do not meet basic security requirements and a high risk of data leaks and account takeovers represent.
The experts are particularly critical of the fact that users of the system extensive access to devices, data, and accounts grant. From the authority's point of view, this can make OpenClaw look like a “Trojan horse.” Safety analyses also point to specific risks such as manipulated plug-ins, hidden commands, and critical vulnerabilities that can lead to complete system takeover.
Our assessment of OpenClaw: Wait and see alternatives
OpenClaw impressively demonstrates the potential of AI agents. At the same time, it is clear that this technology is currently is not yet sufficiently protectedto use them without hesitation in a corporate context.
In our opinion, the risk is currently too high, especially in view of the fact that companies are subject to regulations such as NIS2 policy or the AI Act are facing major cybersecurity challenges anyway and depend on effective protective measures. The combination of far-reaching rights, new areas of attack, real existing weaknesses and lack of maturity in practical implementation creates a Security situation that is difficult to control. In addition, according to the AI Act, OpenClaw is classified as high-risk AI, depending on the use case, which would tighten the regulatory requirements for the use of the agent.
Careless use of OpenClaw is particularly critical: When IT teams start testing AI agents without clear governance or even using them in productive systems, real risks quickly arise.
Companies that still want to deal with the potential of AI agents such as OpenClaw should Involve experts and consciously ask yourself whether the respective application cannot also be implemented with more controlled and established technologies. In many cases, this is currently the more sensible option.
Still have questions? We have the answers.
OpenClaw works as an autonomous AI agent and requires extensive access rights to business tools. The more independent the agent is allowed to act and the more deeply integrated he is, the greater the risks for cybersecurity and data protection become. Recommendation: Currently only conditionally suitable for production. Proliance supports with AI training and advice for secure, rule-compliant use of AI (AI Act/KI-VO).
Over-privilege (too many rights), additional attack surfaces via end devices, skills as executable code (manipulation possible), data outflow of tokens/keys (e.g. via logs/configurations) and governance risks such as prompt injections and shadow AI are particularly critical. Proliance provides support with experts in the areas of information security and data protection.
Autonomous agents can “see” more personal data than necessary (data minimization/purpose limitation). Third country transfers as well as standard contractual clauses and AV contracts may be relevant in the case of external processing. If there is an increased risk, for example with customer or employee data, a data protection impact assessment may be necessary. Proliance provides support with AI training and appropriate advice from experts.
Do you have further questions on this topic? Our experts will be happy to advise you free of charge.













