Government contractors discovered their developers were running OpenClaw agents on random VPS instances to manage calendars and monitor repositories. That’s not a hypothetical from a security vendor’s pitch deck — it’s a real scenario Kilo’s leadership described to VentureBeat when explaining why they built KiloClaw for Organizations.
The product launched today. It’s Kilo’s answer to what the industry is calling the “shadow AI” or “Bring Your Own AI” (BYOAI) crisis: knowledge workers deploying autonomous agents on personal infrastructure to handle professional workflows, completely outside IT’s visibility.
The Shadow AI Problem, Quantified
Since KiloClaw — Kilo’s securely hosted, one-click OpenClaw product for individuals — went generally available last month, more than 25,000 users have integrated it into daily workflows. Kilo’s proprietary agent benchmark, PinchBench, has logged over 250,000 interactions and was referenced by Nvidia CEO Jensen Huang during his GTC 2026 keynote.
That adoption velocity is the point. When a tool is this useful and this easy to deploy, people don’t wait for IT to approve it. They spin up a $5 VPS, install OpenClaw, connect it to their work Slack, and start automating. The agent has access to internal APIs, calendar data, code repositories, and communication channels — all running on infrastructure the company doesn’t control, can’t monitor, and can’t shut off.
As Fortanix CEO Anand Kashyap told VentureBeat: “OpenClaw has taken the technology world by storm” — and that storm is creating blind spots enterprise security teams aren’t equipped to handle.
What KiloClaw for Organizations Actually Does
The enterprise package addresses the governance gap with several capabilities:
- Centralized agent visibility. IT gets a dashboard showing every agent running under the organization’s umbrella — what models they’re using, what tools they have access to, and what actions they’re taking.
- Corporate communication channels. As Kilo’s team put it: “When we were talking to early enterprise opportunities, they don’t want you using your personal Telegram account to chat with your work bot.” KiloClaw Chat provides enterprise-grade communication that the company controls. When someone leaves, access to their agent gets revoked with their other credentials.
- Usage-based pricing with BYOK. Organizations pay for compute and inference consumed. They can bring their own API keys or use Kilo Gateway credits. No per-seat licensing that penalizes experimentation.
- Open-source transparency. “Anyone can go look at our code. It’s not a black box. When you’re buying KiloClaw, you’re not giving us your data, and we’re not training on any of your data because we’re not building our own model,” Kilo’s Schario clarified.
The Identity Layer Problem
Teleport CEO Ev Kontsevoy identified the deeper issue: “The potential impact of OpenClaw as a non-deterministic actor demonstrates why identity can’t be an afterthought.”
This connects to a pattern we’ve been tracking throughout RSAC 2026 and beyond:
- Okta’s CEO called for kill switches on all AI agents
- Astrix Security built a control plane specifically for shadow AI agent discovery
- SailPoint × AWS signed a multi-year deal for agent identity governance
- Deutsche Telekom launched “AI Agent Ready” for telco-scale digital identities
- AvePoint AgentPulse shipped standalone shadow agent governance
KiloClaw for Organizations is the first product that comes at the problem from the agent platform side rather than the security vendor side. Instead of trying to discover and govern agents after the fact, it provides the sanctioned platform that makes shadow deployment unnecessary.
The Convergence
The trajectory is clear: every major enterprise will need an answer to “where are our AI agents running, what can they access, and can we shut them off?”
The vendors selling answers fall into three camps:
- Identity-first (Okta, SailPoint, Astrix) — extend IAM to cover non-human agent identities
- Security-first (CrowdStrike, Palo Alto, Orca) — detect and defend against agent threats
- Platform-first (KiloClaw, AWS Managed OpenClaw) — provide the governed environment so shadow deployment doesn’t happen
KiloClaw’s bet is that platform-first wins. If the sanctioned tool is as easy as the shadow version, people will use it. That’s the same logic that made Slack win over shadow messaging and GitHub win over random Git servers.
Whether 25,000 individual users convert to organizational deployments — and whether IT teams trust an OpenClaw-based platform to replace the shadow agents already running — is the open question.
What This Means for Self-Hosters
If you’re running OpenClaw on your own infrastructure (like many readers of this site), KiloClaw for Organizations isn’t aimed at you. But the shadow AI problem it addresses is real in any team context:
- Document your agent’s access scope. What APIs, repos, and communication channels does it touch?
- Use organizational credentials, not personal ones, for any work-related agent integrations.
- Set up access revocation. If someone leaves, can you cut off their agent’s access to everything?
- Monitor agent actions. OpenClaw’s built-in logging helps, but enterprise environments need centralized audit trails.
The era of “I’ll just run an agent on my laptop and connect it to work Slack” is ending. Whether it ends through governance platforms like KiloClaw or through security incidents that force the conversation — that’s the only question.
KiloClaw for Organizations is available now with usage-based pricing. Details at kilo.dev.