Introduction
In early 2026, security firm Token Security reported that 22% of employees at surveyed companies were using OpenClaw on work devices — often without IT approval. The report quantified the "Shadow AI" phenomenon: employees adopting agentic tools for productivity before enterprises could evaluate and govern them. The findings have driven enterprise security discussions around OpenClaw and shaped how CISOs think about agent governance.
Shadow AI is the agentic equivalent of shadow IT — technology adopted by employees without formal approval. The difference: AI agents have access to data, can take actions, and create new attack surfaces. The Token Security report put numbers to a trend that security teams had suspected but couldn't quantify. This article summarizes the findings and their implications. See Shadow AI for the full analysis.
Findings
22% of employees had OpenClaw or similar agent frameworks on work devices. Most installations were unsanctioned. Agents typically had access to corporate email, calendar, and file shares. The resulting risks were credential inheritance, prompt injection, and lateral movement. IT was largely unaware.
The report surveyed 500+ enterprises across North America and Europe. Industries included tech, finance, healthcare, and manufacturing. The 22% figure was consistent across sectors, with tech and finance slightly higher (28% and 25% respectively). Healthcare was lower (15%) — likely due to stricter compliance and PHI concerns.
Key risk factors: 67% of shadow OpenClaw users had granted the agent email access. 54% had granted calendar access. 41% had granted file system access. In many cases, the agent had the same permissions as the user — meaning a compromised or manipulated agent could exfiltrate data, send emails, or modify files. IT had no visibility.
Implications
Shadow AI creates ungoverned attack surface. Enterprises must choose: block, govern, or a hybrid of the two. Token Security recommended governance — provide an approved deployment and migrate shadow users into compliance. Blocking is increasingly difficult because OpenClaw runs in Docker, in WSL, and on personal devices that connect to work resources.
The report also highlighted the productivity driver: employees use OpenClaw because it helps. They're not malicious. They're trying to do their jobs better. Blocking without an alternative creates friction and may push usage further underground (personal devices, home machines with work access). Governance — sanctioned deployment with controls — addresses both security and productivity.
Recommendations
Accept and govern. Provide sanctioned OpenClaw with SSO, logging, and DLP. Bring shadow users into compliance. Detect and respond to unsanctioned installations. Don't assume malicious intent — many use OpenClaw for legitimate productivity. See Shadow AI.
Token Security's specific recommendations: (1) Discover — scan for OpenClaw and similar tools. (2) Assess — what data do shadow agents access? (3) Govern — provide approved deployment with controls. (4) Migrate — bring shadow users into the governed environment. (5) Monitor — ongoing detection and response.
How Enterprises Are Responding
Since the report, enterprises have taken varied approaches. Some have blocked OpenClaw entirely (Meta, several financial institutions). Others have launched pilot programs — sanctioned OpenClaw with SSO, audit logging, and data loss prevention. The trend is toward governance rather than blanket blocking. The report gave CISOs a framework to discuss the issue with leadership.
OpenClaw Consult and similar firms have seen increased interest in "bring your shadow into compliance" engagements. Enterprises want to capture the productivity benefits while managing the risk. The Token Security report provided the evidence base for that conversation.
Wrapping Up
The Token Security report put numbers to Shadow AI. 22% is a significant figure — it means one in five employees has already adopted agentic tools. Enterprises that ignore this do so at their peril. See enterprise OpenClaw, Shadow AI, and security for governance options.