Kategorie

Autonomous agent orchestration tool OpenClaw hit the scene last November and immediately went viral, but its dramatic flaws were exposed just as quickly.

Still, it marked a pivotal step in the agentic AI era, and enterprises have been exploring ways to deploy fleets of autonomous agents safely and securely ever since.

Automation Anywhere Tuesday rolled out its answer to this challenge, EnterpriseClaw, created in collaboration with Cisco, Nvidia, Okta, and OpenAI.

The company says the platform will enable companies to deploy autonomous AI agents across their desktops, cloud platforms, secured ‘behind-the-firewall’ networks, and on-premises systems, all while maintaining centralized control, access, and observability.

Automates business-critical work

EnterpriseClaw is built on Automation Anywhere’s Process Reasoning Engine (PRE) and Contextual Intelligence Graph, which automate business-critical work. It also integrates with Cisco AI Defense and DefenseClaw to provide security purpose-built for AI agents, Nvidia’s open-source runtime OpenShell, NIM microservices and Nemotron models for on-premises customers, and Okta’s cross-agent identity management and authentication controls. Furthermore, OpenClaw’s OpenAI collaboration will give customers access to leading models like GPT-5.5.

“The level of distrust and insecurity associated with OpenClaw is covered in significant detail in the EnterpriseClaw launch,” said Manish Jain, a principal research director at Info-Tech Research Group. “The collaboration between Nvidia, OpenAI, Okta, and Cisco adds to the credibility of the proposition of trusted infrastructure, identity, and security layers.”

Automation Anywhere says the platform will give enterprises the ability to deploy agents in parallel in managed containers behind firewalls, providing local access to files, apps, browsers, and terminals. Agents can hand off tasks and combine outputs so that value “compounds” rather than being isolated and confined to single-agent tasks, the company said.

Users can set policies, access controls, guardrails, and agent credentials, which are all enforced locally on-device, and receive information on telemetry, audit logs, and large language model (LLM) usage.

The company pointed to use cases like claims investigation: AI agents can gather information across desktop apps, internal documents, on-premises systems, and cloud platforms, all while keeping financial, operational, and other sensitive data secured inside enterprise systems. Other usage scenarios include code generation and debugging, local file post-incident log analysis, research, user interface (UI) automation, and secure data processing in regulated environments.

EnterpriseClaw is now available in preview, with general availability expected later this year.

No clear differentiator

Still, there’s no clear-cut differentiator here, noted Jason Andersen, a VP and principal analyst with Moor Insights & Strategy. Nvidia has already announced its NemoClaw open-source stack to provide guardrails for always-on agents, and EnterpriseClaw has essentially the same capabilities and generally-available stack.

“Which begs the question: If you are already using Nvidia’s, why choose this?” he asked. Indeed, the Cisco and Okta capabilities will “likely be interesting” to their existing bases. “But again, those products already work with other tools,” Andersen pointed out.

OpenClaw-like agents changing everything

Ultimately, noted technology analyst Carmi Levy, OpenClaw’s arrival has changed enterprise leaders’ view of AI, because it turned what was previously just a concept of AI agents into an everyday-accessible tool for a mass audience.

“As ChatGPT took chatbots out of the lab and drove them into mainstream use, OpenClaw did the same for AI agents,” he said. It shifted the notion of AI from something we chat with to something that actually gets work done. This represents “a key step in replacing human capital with technological capital.”

Info-Tech’s Jain explained that OpenClaw provided AI with three key features: Local execution via a desktop or laptop, persistent autonomy (operation without human input), and direct control over various systems such as WhatsApp or Slack.

“In effect, OpenClaw gave its agents claws (hands), allowing them to run in the background continuously,” he said. They can then execute real-world actions across file systems, web browsers, and applications based on a “single thread” of chat messaging.

But when claw agents quickly began leaking information about user data, there was a “polarization of emotions,” with users both excited and shocked about what they could do and access, he pointed out.

“OpenClaw did not meet enterprise-grade product standards,” said Jain. “The data leaks and inappropriate behaviors associated with claw agents exhibit how an uncontrolled tool, when introduced with no guardrails, will lead to massive issues.”

While Automation Anywhere is deploying EnterpriseClaw in partnership with a group of credible companies, that is just one side of the story; enterprises must govern all AI agents as “persistent digital actors without conscience,” he noted.

Moor’s Andersen also pointed out that OpenClaw can be run on many different models, essentially as a client and a server. But this means there are no real governance capabilities available, “so it’s kind of a wild west, which is why we are seeing companies create these enterprise offerings,” he said.

Claw agents ‘amazing,’ but enterprises beware

What resonates most about OpenClaw is that it can be run alongside open-source AI models like Gemma on a local machine, and users don’t have to pay for or worry about data, Andersen pointed out. This is a direct response to other wildly popular but more expensive tools like Claude Cowork; the latter is “amazing,” but “somewhat addictive,” so users can easily burn through the lowest-cost $20 a month usage credit option.

Tools like OpenClaw are “pretty great” when you have many tasks running in parallel, Andersen noted. For instance, in a marketing campaign, agents can check sales volumes and generate new content at the same time.

Levy added that agents could potentially replace “the human worker-bee” altogether, handling the minutiae of day-to-day work.

Helpdesk workflows are “particularly aligned” with the capabilities of OpenClaw-like agents, he pointed out, as the agents can autonomously manage and close tickets. Or, in administrative work, they can take on repetitive, low-risk and high-return tasks like scheduling meetings, drafting email messages, and managing follow-ups. In software development, vibe-coding agents can efficiently generate large volumes of code for diverse projects.

“Is the code any good? The verdict is still out on that, but it’s clear that OpenClaw-like agents are already rapidly tilting the coding landscape in favour of automation,” said Levy.

Still, agents need a lot of permissions to live up to expectations, which can introduce “unnecessary or unacceptable” levels of risk, he noted. Builders will need to grant sufficient access to maintain productivity, but not so much that they set the stage for an “AI-powered debacle” down the road.

Enterprises also run the risk of AI-fed data leakage, likely from opportunistic agents accessing sensitive data from multiple sources and sharing it beyond originally intended purposes, Levy said. Agents are subject to “AI-ified cybersecurity risks,” such as prompt injection and instruction attacks that use hidden text in documents to autonomously execute remote commands.

Another issue is explainability; particularly in regulated industries, enterprises must be able to show traceability and justify why a certain action was taken and who signed off on it. Additionally, “longer-term reliance at this level will inevitably erode institutional knowledge as the human workers who originally crafted it are replaced by automation,” Levy cautioned.

This article originally appeared on CIO.com.

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers. [...]

Microsoft says it has disrupted a malware-signing-as-a-service (MSaaS) operation that abused the company's Artifact Signing service to generate fraudulent code-signing certificates used by ransomware gangs and other cybercriminals. [...]

Discord announced that all voice and video calls through the communication platform are now protected by default with end-to-end encryption (E2EE). [...]

The FBI says Americans have lost over $388 million last year to scams using cryptocurrency kiosks, also known as crypto ATMs or Bitcoin ATMs. [...]

A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate applications and administration features. [...]

The Big Four accounting and consulting firms — Deloitte, EY, KPMG, and PwC — advertised more AI-related job postings than traditional auditing positions in 2025, according to a new analysis by the Financial Times.

Nearly 7% of the firms’ job postings required AI expertise, compared to less than 2% in 2022 when OpenAI’s ChatGPT was launched. At the same time, auditing roles accounted for just under 3% of the postings last year. One of the firms also noted that a single job posting could, in some cases, apply to multiple positions.

According to the Times, the hiring trend shows how quickly AI is transforming the consulting and auditing industries. At the same time, the industry is trying to adapt to the fact that AI could undercut the need for certain junior positions.

Traditionally, consulting firms have been built on a “pyramid model” where many younger employees work under a smaller number of senior managers and partners. AI is now expected to automate parts of that workplace arrangement.

Arxiv, the open-access repository where researchers publish scientific articles before they have undergone formal peer review, is introducing stricter rules against AI-generated articles containing obvious errors and fabricated content. Researchers who submit texts with clear signs of so-called “AI slop” can now be banned from the platform for a year, according to 404 Media.

Red flags could include, for example, fabricated sources, incorrect citations, or leftover AI comments, Arxiv said. The platform argues that such mistakes indicate the authors have not properly reviewed the AI’s output.

The aim is to counter the growing volume of AI-generated texts that masquerade as serious research.

A single violation could be sufficient for suspension, though a proposed ban can be appealed. Users who have been suspended will also be subject to a future requirement that new submissions to Arxiv must first be accepted by a reputable peer-reviewed scientific publication.

Security researcher Brian Krebs brings us the news that America's Cybersecurity & Infrastructure Agency (CISA) has had a large store of plaintext passwords, SSH private keys, tokens, and "other sensitive CISA assets" exposed in a public GitHub repo since at least November 2025.

The now-offline public repo—named, somewhat aspirationally, "Private-CISA"—was brought to Krebs' attention by GitGuardian's Guillaume Valadon, who was alerted to the repo's presence by GitGuardian's public code scans. Krebs says that Valadon approached him after receiving no responses from the Private-CISA repo's owner.

In an email to Krebs, Valadon claimed that the repo's commit logs show that GitHub's default protections against committing secrets—protections designed to protect unwitting or unskilled developers against exactly this kind of stupidness—had been disabled by the repo's administrator.

Read full article

Comments

Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users. The activity, per HUMAN's Satori Threat Intelligence and Research Team, encompassed 455 malicious Android apps and 183 threat actor-owned command-and-control (C2) domains, turning the infrastructure into a pipeline for multi-stage fraud. "Users

Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users. The activity, per HUMAN's Satori Threat Intelligence and Research Team, encompassed 455 malicious Android apps and 183 threat actor-owned command-and-control (C2) domains, turning the infrastructure into a pipeline for multi-stage fraud. "Users Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Microsoft plans to raise the quality bar of Windows 11 drivers, as drivers "sit at the heart of every Windows experience" and connect the OS to the "silicon, components, and peripherals." [...]

Microsoft has confirmed user reports that the Teams team collaboration app is displaying non-dismissible location prompts on some macOS systems. [...]

Apple has confirmed this year’s Worldwide Developers Conference (WWDC) will take place June 8-12. The show begins with a keynote speech likely to be Tim Cook’s final public appearance as Apple’s CEO. His successor, John Ternus, will also be in the spotlight, but perhaps not quite as much as Apple’s promised smart Siri successor.

Getting AI right is incredibly important to the company this year, and Apple seems to recognize that. The official media invitation features a brightly glowing Swift logo with the tagline “Coming Bright Up,” which some see as a hint at the advanced AI capabilities Apple intends making available. It also hints at the new Siri user interface Apple is building, while the use of a Swift suggests the introduction of additional Foundation Models with which developers can add AI tools to their products.

On the developer website, Apple’s media images all show that bright glow, which also hints at potential improvements to Liquid Glass. There’s no doubt at all that the entire industry will be tuned into WWDC to find out where Apple is going with AI. So, no pressure there, right?

AI tools developers can use

The company told developers to expect more than 100 new videos about tools, technologies, and design, many of them to be revealed during the Platforms State of the Union address, which follows the keynote.

“WWDC26 will kick off June 8 with the Keynote and Platforms State of the Union, introducing incredible updates for Apple platforms, including AI advancements and exciting new software and developer tools,” Apple said, announcing the event.

Apple knows the world is watching and seems unlikely to want to disappoint its audience again, though the way it framed this in suggests some of the improvements will be for developers, with end users to benefit later. This is the approach Apple has taken with Foundation Models so far, though it isn’t yet clear if the company intends introducing a paid tier of APIs for developers. I’d consider that a risk at this stage, given the perception Apple faces.

What’s at stake?

A confluence of challenges means Apple is perceived as having fallen behind on AI. That’s got to hurt. The company is under a lot of pressure to push back against that viewpoint, and while that’s a challenge, it’s also a big opportunity. 

Wedbush Securities analyst Dan Ives says Apple is a “sleeping tech giant” poised for growth if it gets the mix right, predicting the company’s ecosystem could become the “consumer hub” of AI, to the extent that 20% of the global population will use Apple to access it. At Morgan Stanley, analyst Erik Woodring thinks what Apple is about to introduce will prompt a mass upgrade and sees revenue potential in AI services for the company. In general, people seem to agree that Apple’s ecosystem is more than capable of handling the demands of AI; the challenge is properly integrating it within Apple’s environment.

What is Apple Planning?

At the moment, strong speculation suggests Apple has added new Writing Tools, improved image generation on its devices, and has worked with Google Gemini to extend the number of available APIs developers can use, as well as enhancing contextual understanding by Siri.

Any one of these things would have impressed us all at one time, but in an AI world of Claude, Gemini, or even Grok, some will likely see even these enhancements as weak sauce. Additional key expectations include:

• Siri will become a chatbot-style assistant in the form of an LLM-enhanced app, built in partnership with Google Gemini.
• Apple will give users a choice of AI apps, including the ability to make whatever they choose the default on their system.
• Siri will gain a new interface hosted in the Dynamic Island on devices that support it.
• Siri might also gain the ability to string instructions together using a combination of text/speech and Shortcuts abilities. 
• You should see improved contextual awareness; Siri will be able to “see’”what’s on your screen and take relevant actions across one or more third-party apps.
• Those functions are likely to be delivered by App Intents, which permits developers to make app functions available across the system without opening the apps.
• Visual Intelligence will let the iPhone camera app identify more options, including objects and passes, such as for events and public transit.
• Multitasking on iPads should improve, while macOS might gain some touch-based interface improvements. That could set the scene for better integration between iPad and Mac, and, of course, make a touchscreen Mac possible.

Most recently, there’s been chatter about Apple introducing an iMac equipped with an M5 processor. If so, this could emerge at, or slightly before, WWDC.

As it does each year, the conference will feature the Apple Design Awards, Swift Student Challenge, Labs, and an in-person, 1,000 people gathering in Cupertino for the keynote. 

Watch it in real time

The keynote will be available to stream on Apple’s website. It will also be hosted on the Apple TV app and Apple’s YouTube channel, with playback on-demand after the event.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE). Dubbed DirtyDecrypt (aka DirtyCBC), the vulnerability was discovered and reported by the Zellic and V12 security team on May 9, 2026, only to be informed by the maintainers that it was a duplicate of a vulnerability that had

Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE). Dubbed DirtyDecrypt (aka DirtyCBC), the vulnerability was discovered and reported by the Zellic and V12 security team on May 9, 2026, only to be informed by the maintainers that it was a duplicate of a vulnerability that had Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud supply-chain campaign. [...]

Convenience store chain giant 7-Eleven confirmed that its systems were breached in a cyberattack claimed by the ShinyHunters extortion group last month. [...]

Microsoft's total vulnerability count stayed steady in 2025, but critical flaws surged year over year. BeyondTrust breaks down why attackers are increasingly focused on privilege escalation and identity abuse. [...]

IT teams are increasingly overwhelmed by alerts from disconnected systems, forcing responders to manually coordinate investigations during network incidents. This webinar explores how automation and AI-assisted workflows can help reduce response delays and improve operational coordination. [...]