Shadow AI used to mean somebody chatted with ChatGPT during lunch. In 2026, it means an employee installed an autonomous agent on their work laptop with shell access, file reads, email sending, and Slack OAuth. And 22% of monitored corporate endpoints are already running OpenClaw without IT approval.
CVE-2026-25253 allowed any malicious website to hijack a local OpenClaw agent over a WebSocket connection, with no plugins and no user interaction required. The Lumma infostealer added OpenClaw credential paths to its target list. About 800 malicious skills were found in ClawHub.
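A local service that accepts WebSocket connections from whatever page the user's browser happens to have open is the condition a "malicious website hijacks the local agent" bug depends on, because same-origin policy does not stop a cross-origin WebSocket handshake. The defensive check is simple: validate the `Origin` header against an allowlist before upgrading. The following is an added example written for this post; it is not OpenClaw's code and says nothing about how the vulnerable version behaved. The listening port (18789) and the allowlist contents are constructed values for the demonstration.

```python
# Added example: Origin validation for a WebSocket endpoint exposed by a local agent.
# Illustrative code only, not OpenClaw's implementation. The port and allowlist
# below are constructed values.
from typing import Optional
from urllib.parse import urlparse

# Origins the local agent will accept a browser-initiated WebSocket from.
# Everything else, including any third-party website, is refused at the handshake.
ALLOWED_ORIGINS = {
    "http://127.0.0.1:18789",   # constructed: the agent's own local UI
    "http://localhost:18789",
}


def is_allowed_origin(origin: Optional[str]) -> bool:
    """Return True only if the Origin header names a trusted scheme, host and port.

    Browsers always send Origin on a WebSocket handshake, and same-origin policy
    does not block cross-origin WebSocket connections, so a local service that
    skips this check can be driven by any web page the user visits.
    """
    if not origin:
        # Non-browser clients may omit Origin. This endpoint exists for the
        # agent's own UI, so absence is treated as untrusted.
        return False
    parsed = urlparse(origin)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        # Covers the literal "null" origin and anything that is not a URL.
        return False
    try:
        # .port raises ValueError for a non-numeric port, which is what you get
        # from look-alike origins such as http://127.0.0.1:18789.evil.example
        port = parsed.port
    except ValueError:
        return False
    if port is None:
        port = 443 if parsed.scheme == "https" else 80
    # Rebuild a normalised origin so case differences or trailing paths
    # cannot sneak past a plain string comparison.
    normalised = f"{parsed.scheme}://{parsed.hostname.lower()}:{port}"
    return normalised in ALLOWED_ORIGINS


def accept_handshake(headers: dict) -> tuple:
    """Decide the HTTP response for a WebSocket upgrade request.

    Returns (status_code, reason). 101 means the upgrade may proceed.
    """
    # HTTP header names are case-insensitive; normalise once.
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("upgrade", "").lower() != "websocket":
        return 400, "not a websocket upgrade"
    if not is_allowed_origin(h.get("origin")):
        # Refusing here is what closes the cross-site hijack path. In a real
        # service this rejection is also worth logging as a detection signal.
        return 403, "origin not allowed"
    return 101, "switching protocols"


if __name__ == "__main__":
    # Constructed handshake from a third-party site versus the agent's own UI.
    print(accept_handshake({"Upgrade": "websocket", "Origin": "https://attacker.example"}))
    print(accept_handshake({"Upgrade": "websocket", "Origin": "http://127.0.0.1:18789"}))
```

Binding the listener to a loopback address and requiring a per-session token on top of the Origin check are the usual complements; the Origin check alone is what distinguishes "the user's own UI" from "any tab the user has open".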
We broke down what is actually happening and the three governance approaches organizations are taking.
https://clawhosters.com/blog/posts/shadow-ai-openclaw-enterprise-governance