Chief Risk Officer · Atlas Insurance Group
Mar 17, 2026 · 8 hours
Risk & Security

Shadow IT alert: OpenClaw instances found on 14 employee devices during audit

We ran a routine device audit last week and discovered OpenClaw running on 14 personal and company devices. None of these were sanctioned by IT.

The agents were pulling internal Slack data and company emails to "help with summaries." Nobody flagged it. Nobody asked permission.

We've since blocked it at the network level, but the data exposure window is concerning. Has anyone else dealt with this? How are you monitoring for unauthorized agent deployments?

Our legal team is still assessing the GDPR implications since some of those emails contained EU customer data.

3 Comments

Rachel Tan
· VP of Engineering · NovaPay
8 hours
We found the same thing at NovaPay. 9 instances running on developer laptops. The scary part? Two of them had access to production API keys.

We now run weekly scans. It's not popular with engineering but the risk is too high to ignore.
James Nderitu
· CTO · Kwanza Digital
8 hours
This is more common than people admit. We added OpenClaw detection to our endpoint monitoring. Took about 2 days to implement. DM me if you want the approach.
Marcus Webb
· CFO · Terravolt Energy
8 hours
From a finance perspective — the liability exposure here is significant. If customer data leaks through an unsanctioned agent, the company is on the hook regardless of whether IT approved it.