Runlayer Launches 'OpenClaw for Enterprise' to Secure AI Agents and Combat 'Shadow AI' Risks in Large Organizations
Runlayer, a New York City-based enterprise AI startup, has introduced "OpenClaw for Enterprise" to address the security challenges posed by the popular open-source AI agent, OpenClaw. Since its launch in November 2025, OpenClaw has gained significant traction among solopreneurs and large enterprise employees, despite documented security risks. The core issue lies in OpenClaw's architecture, which often operates with root-level shell access, granting it full system privileges and acting as a "master key." This lack of native sandboxing exposes sensitive data like SSH keys, API tokens, and internal communications. Runlayer's solution provides a governance layer designed to transform these unmanaged AI agents from a liability into a secured corporate asset, helping IT and security departments manage the growing problem of "shadow AI." CEO Andy Berman highlighted the vulnerability, stating a security engineer gained full control of OpenClaw in one hour using simple prompting.
OpenClaw, an open-source AI agent known for its autonomous task capabilities on computers and communication through popular messaging apps, has become a significant phenomenon since its launch in November 2025. Its appeal, driven by the promise of enhanced business automation, has led to increased installation on work machines by both solopreneurs and employees within large enterprises, despite known security risks. This trend has created a challenge for IT and security departments, who are now contending with what is being termed "shadow AI."
New York City-based enterprise AI startup Runlayer aims to provide a solution to this burgeoning problem. Earlier this month, Runlayer launched "OpenClaw for Enterprise," a new offering that introduces a governance layer. This layer is specifically designed to transform unmanaged AI agents from potential liabilities into secured corporate assets.
At the core of the current security concerns surrounding OpenClaw is the architecture of its primary agent, previously known as "Clawdbot." Unlike conventional web-based large language models (LLMs), Clawdbot frequently operates with root-level shell access to a user's machine. This level of access grants the agent the ability to execute commands with full system privileges, effectively functioning as a digital "master key." A critical vulnerability arises from the absence of native sandboxing, which means there is no isolation between the agent’s execution environment and highly sensitive data, including SSH keys, API tokens, or internal Slack and Gmail records.
In an exclusive interview with VentureBeat, Andy Berman, CEO of Runlayer, underscored the inherent fragility of these systems. Berman revealed, "It took one of our security engineers 40 messages to take full control of OpenClaw... and then tunnel in and control OpenClaw fully." He further elaborated that this test involved an agent configured as a standard business user, possessing no additional access beyond an API key. Despite these limitations, the agent was compromised in "one hour flat" through the use of simple prompting. The primary technical threat identified by Runlayer stems from these architectural weaknesses.