Philipp Kuntschik

OpenClaw - From Workflow Agent to Personal Assistant


OpenClaw marks a shift in how we work with AI: alongside the familiar workflow agents, a new kind of personal assistant arrives. Workflow agents automate processes across the organization. Personal assistants stay with a single person, supporting their work and their tasks.

The presentation introduces this paradigm: What is it? What does it make possible? Why is it still so dangerous today? And what can companies do to protect themselves?

The deck and PDF are in German. Would an English version be useful to you? Just ask.

The Agent in Action

A live demo walks through two everyday problems to show how OpenClaw interacts with its environment. We point it at the API of a SaaS time-tracking tool and watch the agent learn, at runtime, how to drive a display it has never seen before.

What makes the agent dangerous is that it runs with the local user’s permissions and can extend its own toolbox on its own initiative. At best this happens at the user’s request, but under the right circumstances an outsider can steer it too; prompt injection is the keyword here. An agent like this can potentially be installed without administrator rights, for instance via npm, bypassing IT and possibly without the user even noticing.
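Because such an install needs no administrator rights, endpoint inventory has to look inside user-writable npm prefixes as well. The sketch below is an added example, not code from the talk or from OpenClaw: it lists packages in a `node_modules` directory that install a command and are not on an approved list. The package names, the sample tree and the allowlist are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path


def unapproved_cli_packages(node_modules_dirs, approved):
    """List (name, version, commands) for packages that put a command on PATH
    and are not on the approved list."""
    findings = []
    for root in map(Path, node_modules_dirs):
        if not root.is_dir():
            continue
        # Unscoped packages sit one level down, @scope/name packages two.
        manifests = list(root.glob("*/package.json")) + list(root.glob("@*/*/package.json"))
        for manifest in manifests:
            try:
                meta = json.loads(manifest.read_text(encoding="utf-8"))
            except (OSError, ValueError):
                continue  # unreadable or malformed manifest: skip, keep scanning
            if not isinstance(meta, dict):
                continue
            name = meta.get("name") or manifest.parent.name
            bins = meta.get("bin")
            if isinstance(bins, str):      # single command named after the package
                commands = [name.split("/")[-1]]
            elif isinstance(bins, dict):   # explicit command -> script mapping
                commands = sorted(bins)
            else:
                commands = []              # library only, no command installed
            if commands and name not in approved:
                findings.append((name, str(meta.get("version", "?")), commands))
    return sorted(findings)


def demo():
    # Constructed sample tree standing in for a user-writable npm prefix;
    # on a real host, pass the node_modules directory under `npm config get prefix`.
    sample = {
        "example-agent": {"name": "example-agent", "version": "0.1.0", "bin": {"example-agent": "cli.js"}},
        "@constructed/helper": {"name": "@constructed/helper", "version": "2.0.0", "bin": "run.js"},
        "approved-cli": {"name": "approved-cli", "version": "3.1.4", "bin": {"approved": "a.js"}},
        "plain-lib": {"name": "plain-lib", "version": "1.0.0"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "node_modules")
        for rel, meta in sample.items():
            (root / rel).mkdir(parents=True)
            (root / rel / "package.json").write_text(json.dumps(meta), encoding="utf-8")
        return unapproved_cli_packages([root], approved={"approved-cli"})
```

Run per user profile rather than once per machine, since each account can have its own prefix.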

What Organizations Should Do at a Minimum

Banning the technology is not realistic. Companies have to engage with the real question: how to contain or at least slow down the potential for harm. Technically through concepts like zero trust, privileged access management, and MFA. Organizationally through awareness, training, and governance.

If your organization wants to get a handle on personal AI agents, let’s talk.
