Everyone is an agent now

Is your production ready for it?

OpenClaw is a thing. Everyone is an agent now. That means you can’t assume that clients of your APIs are human. Even if you provision separate accounts for agents in your org, set up all the right permissions, and “do everything right,” the phenomenon of Shadow IT means there will be agents acting as humans on the inside of your company.

Earlier this week, Anthropic announced Mythos, a model so capable at developing security exploits that they are not releasing it publicly. Combine increasingly powerful models, which remain vulnerable to prompt injection, with OpenClaw installations and the common lethal trifecta, and you have a whooooole lotta endpoints that will become capable, prompt-injected attackers on the inside of your org in the near future.

There are a bunch of things companies can do to manage this problem, including using endpoint detection systems to identify unapproved AI agent harnesses, building detection systems that identify AI vs. human request patterns, pushing for independently managed identities and permissions for AI agents, and adopting hosted and centrally secured AI assistant systems that aid productivity rather than having employees run tools like OpenClaw on their local machines.

There is at least one other thing, however, that I don’t see talked about as much that I think is really important. You need to lock down human access to production environments in the first place, in a way that makes it difficult for local AI agents to programmatically access it without human-in-the-loop approval.

First, this means implementing Multi-Party Authorization on any system that affects production environments. For example, GCP’s Privileged Access Manager makes this possible in cloud environments, and source control tools usually offer features that require multi-party review of code and configuration changes.

Second, it means making it hard for AI agents to collaborate to bypass these requirements without HITL approval. It’s easy for local agents with access to your email and a web browser to see an approval request and grant it without you noticing. The best I can come up with is that these systems should all start requiring humans to physically touch a hardware token for every approval, which is something that AI can’t do. Yet.
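As an added example, not code from the post, here is a Python sketch of an approval gate that enforces both points above: a production change needs two approvers other than the requester, and an approval only counts when the approver's WebAuthn assertion carries the user-presence (UP) flag that a hardware token sets only after a physical touch, bound to a fresh challenge issued for that specific approval. The relying-party id, origin and credential names are hypothetical, and the HMAC keys in the demo section stand in for real authenticator key pairs; the public-key signature check is injected as a callable so the block runs on the standard library alone.

```python
import hashlib
import hmac
import json
import secrets
import struct
from dataclasses import dataclass, field

FLAG_UP = 0x01  # authenticatorData flags, bit 0: user present (the token was physically touched)
RP_ID = "prod-approvals.example.com"           # hypothetical relying-party id
ORIGIN = "https://prod-approvals.example.com"  # hypothetical approval-UI origin


class ApprovalError(Exception): pass  # raised for any approval attempt the gate rejects


@dataclass
class ChangeRequest:
    requester: str
    challenges: dict = field(default_factory=dict)  # approver -> outstanding challenge
    approvers: set = field(default_factory=set)     # approvers who completed a touch


class ProductionGate:
    def __init__(self, rp_id, origin, verify_signature, required_approvals=2):
        self.rp_id_hash = hashlib.sha256(rp_id.encode()).digest()
        self.origin = origin
        self.verify_signature = verify_signature  # (credential_id, signed_bytes, signature) -> bool
        self.required = required_approvals
        self.changes = {}
        self.sign_counts = {}  # credential_id -> last signCount, for clone detection

    def open_change(self, change_id, requester):
        self.changes[change_id] = ChangeRequest(requester)

    def issue_challenge(self, change_id, approver):
        ch = self.changes[change_id]
        if approver == ch.requester:
            raise ApprovalError("requester cannot approve own change")
        ch.challenges[approver] = secrets.token_urlsafe(32)  # fresh per approver, per change
        return ch.challenges[approver]

    def submit_approval(self, change_id, approver, credential_id, client_data_json, authenticator_data, signature):
        ch = self.changes[change_id]
        expected = ch.challenges.get(approver)
        if expected is None:
            raise ApprovalError("no outstanding challenge for this approver")
        client = json.loads(client_data_json)
        if client.get("type") != "webauthn.get" or client.get("origin") != self.origin:
            raise ApprovalError("wrong ceremony type or origin")
        if client.get("challenge") != expected:
            raise ApprovalError("challenge mismatch: assertion not bound to this approval")
        # authenticatorData layout: rpIdHash[32] | flags[1] | signCount[4] | optional extensions
        if len(authenticator_data) < 37 or authenticator_data[:32] != self.rp_id_hash:
            raise ApprovalError("authenticator data malformed or rpIdHash mismatch")
        if not authenticator_data[32] & FLAG_UP:
            raise ApprovalError("user presence flag not set: no physical touch")
        (sign_count,) = struct.unpack(">I", authenticator_data[33:37])
        if sign_count and sign_count <= self.sign_counts.get(credential_id, 0):
            raise ApprovalError("signCount did not increase: possible cloned authenticator")
        signed = authenticator_data + hashlib.sha256(client_data_json).digest()
        if not self.verify_signature(credential_id, signed, signature):
            raise ApprovalError("bad signature")
        self.sign_counts[credential_id] = sign_count
        del ch.challenges[approver]  # one touch authorizes exactly one approval
        ch.approvers.add(approver)
        return len(ch.approvers)

    def is_authorized(self, change_id):
        return len(self.changes[change_id].approvers) >= self.required


# Constructed demo material: HMAC keys stand in for each credential's private/public key pair.
DEMO_KEYS = {"cred-alice": b"alice-demo-secret", "cred-bob": b"bob-demo-secret"}


def demo_verify(credential_id, signed_bytes, signature):
    key = DEMO_KEYS.get(credential_id)
    return key is not None and hmac.compare_digest(hmac.new(key, signed_bytes, "sha256").digest(), signature)


def demo_assertion(credential_id, challenge, touched=True, count=1):
    # touched=False models the response a script gets when no human touches the token
    client = json.dumps({"type": "webauthn.get", "challenge": challenge, "origin": ORIGIN}).encode()
    auth = hashlib.sha256(RP_ID.encode()).digest() + bytes([FLAG_UP if touched else 0]) + struct.pack(">I", count)
    sig = hmac.new(DEMO_KEYS[credential_id], auth + hashlib.sha256(client).digest(), "sha256").digest()
    return client, auth, sig


def run_demo():
    gate = ProductionGate(RP_ID, ORIGIN, demo_verify, required_approvals=2)
    gate.open_change("CHG-1", "carol")
    out = {}
    def attempt(label, fn):  # record the rejection reason, or None when accepted
        try:
            fn()
            out[label] = None
        except ApprovalError as e:
            out[label] = str(e)
    attempt("self_approve", lambda: gate.issue_challenge("CHG-1", "carol"))
    ch_alice = gate.issue_challenge("CHG-1", "alice")
    attempt("no_touch", lambda: gate.submit_approval("CHG-1", "alice", "cred-alice", *demo_assertion("cred-alice", ch_alice, touched=False)))
    touched = demo_assertion("cred-alice", ch_alice, count=2)
    attempt("touch", lambda: gate.submit_approval("CHG-1", "alice", "cred-alice", *touched))
    out["after_one"] = gate.is_authorized("CHG-1")
    attempt("replay", lambda: gate.submit_approval("CHG-1", "alice", "cred-alice", *touched))
    ch_bob = gate.issue_challenge("CHG-1", "bob")
    attempt("bob", lambda: gate.submit_approval("CHG-1", "bob", "cred-bob", *demo_assertion("cred-bob", ch_bob)))
    out["after_two"] = gate.is_authorized("CHG-1")
    return out
```

The design choice that matters for the agent threat is the per-approval challenge: an agent that can read the approver's mail and drive a browser can click "approve," but it cannot produce an assertion with the UP bit set for that challenge unless a human touches the token at that moment, and a recorded assertion cannot be replayed because the challenge is consumed on first use. In a real deployment the `verify_signature` callable is the ECDSA or EdDSA check a WebAuthn library performs against the credential's registered public key.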

April 11, 2026