
Your Employees Installed an AI Agent Last Week. You Don't Know About It.

A few weeks ago, a hobbyist AI project called ClawdBot went from obscure GitHub repository to 82,000 stars in 72 hours. Social media did the marketing. Hundreds of thousands of people installed it.

Then security researchers took a look. What they found was a complete, predictable, avoidable mess.

Here's why you should care: Noma Security found ClawdBot running inside enterprise environments at over 53% of their customer base. Security teams had no idea it was there.

Employees saw the viral hype, installed it on work laptops, connected it to their corporate accounts, and went on with their day. Your traditional security tools? They don't detect this. Your IT governance frameworks? They weren't designed for it.

This is not a ClawdBot story. ClawdBot is just the preview.

This Is Not a Chatbot

ClawdBot is not ChatGPT. It does not answer a question and then wait for the next message. It is an autonomous agent running locally on your employee's machine, connected to Slack, email, WhatsApp, the file system, whatever they gave it access to. It executes commands. It reads and writes files. It sends email on their behalf. It drives their browser. It has persistent memory, and it keeps working unattended: it does not wait for the employee to come back to the keyboard.

The creator called it a hobby project. The internet treated it like a product launch. Your employees treated it like a productivity tool.

Within days, researchers found over 1,000 ClawdBot servers sitting on the public internet with zero authentication. Not weak authentication. None. These servers were leaking API keys, messaging credentials, months of private message archives, OAuth tokens, and session identifiers. Several were running with full administrative access on cloud servers. An agent gateway bound to a public interface with no authentication does not need to be discovered by a determined attacker; internet-wide scanners index hosts like that routinely.

Real attacks followed immediately. Credentials stolen. Accounts compromised. Email inboxes wiped through prompt injection attacks. Germany's CERT catalogued 67 security issues, most rated high severity, some rated critical.

And nobody inside these companies knew it was happening.

Shadow IT Just Got Worse

I spent 16 years as an IT executive. I've dealt with Shadow IT my entire career. Employees signing up for Dropbox because the corporate file share was too slow. Marketing buying their own analytics tools because IT's approval process took six months. Departments spinning up their own AWS instances because they couldn't wait for infrastructure.

Shadow IT has always been a governance headache. But the risk profile was manageable. A rogue SaaS subscription is a compliance problem and a cost leak. Annoying, but containable.

This is different.

An autonomous AI agent with system-level access to your corporate infrastructure is not a compliance problem. It's a data exfiltration event waiting to be discovered. It has access to everything your employee has access to: customer databases, financial records, legal documents, engineering repositories, internal communications. And it's running 24/7, executing commands, with no oversight and no logs your security team knows how to read.

That's not Shadow IT. That's an open door you didn't know existed.

Your Security Tools Can't See It

Here's the part that should keep you up at night: your existing security stack was not designed to detect AI agent patterns.

Traditional endpoint protection looks for malware signatures, suspicious executables, and known attack patterns. An AI agent doesn't look like malware. It looks like a productivity tool. It uses legitimate APIs. It authenticates with your employee's real credentials. It sends email from their actual account. It accesses files they have permission to access.

From your security tools' perspective, nothing is wrong. The employee is just very productive today.

What does differ is volume and rhythm. A person reads Slack and email in irregular bursts during the working day, from a browser. An agent polls every few minutes, around the clock, from a scripted HTTP client, under that same identity. That rhythm shows up in the audit logs your identity provider and SaaS tools already produce, if anyone looks.
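One way to look, as an added example that is not code from the original post or from the ClawdBot project: a behavioral pass over SaaS audit events that scores each identity on rate, off-hours activity, cadence regularity, client type and service breadth, and flags identities that trip several indicators at once. The event format, field names, business-hours window and thresholds are assumptions chosen for illustration; the sample events are constructed, not real data.

```python
"""
Behavioral detection of agent-like activity in SaaS audit logs.

Added example; not code from the original post or from the ClawdBot project.
Assumed: events carry (user, timestamp, service, action, client string) and
timestamps are in the user's local time. Thresholds are illustrative.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import statistics


@dataclass(frozen=True)
class Event:
    user: str
    ts: datetime
    service: str
    action: str
    client: str


def _human_events() -> list[Event]:
    # Constructed: a person working a normal day from a browser, irregular gaps.
    base = datetime(2026, 2, 3, 9, 2)
    offsets_min = [0, 7, 31, 58, 63, 120, 131, 190, 241, 310, 355, 402, 470, 515]
    services = ["gmail", "slack", "gmail", "drive", "slack", "gmail", "slack",
                "drive", "gmail", "slack", "gmail", "drive", "slack", "gmail"]
    return [Event("alice", base + timedelta(minutes=m), s, "read",
                  "Mozilla/5.0 (Macintosh) Chrome/122")
            for m, s in zip(offsets_min, services)]


def _agent_events() -> list[Event]:
    # Constructed: an agent polling four services every 5 minutes for 24 hours
    # with the employee's own tokens, from a non-browser HTTP client.
    base = datetime(2026, 2, 3, 0, 0)
    services = ["gmail", "slack", "drive", "github"]
    return [Event("bob", base + timedelta(minutes=5 * i), services[i % 4],
                  "read", "python-requests/2.31")
            for i in range(24 * 12)]


SAMPLE_EVENTS = _human_events() + _agent_events()

BUSINESS_HOURS = range(8, 18)  # assumption: 08:00-17:59 local time


def features(events: list[Event]) -> dict:
    """Per-identity behavioral features over a window of audit events."""
    evs = sorted(events, key=lambda e: e.ts)
    n = len(evs)
    gaps = [(b.ts - a.ts).total_seconds() for a, b in zip(evs, evs[1:])]
    # Coefficient of variation of inter-event gaps: near 0 means a timer, not a person.
    cadence_cv = (statistics.pstdev(gaps) / statistics.mean(gaps)
                  if len(gaps) > 1 else float("inf"))
    span_h = max(1.0, (evs[-1].ts - evs[0].ts).total_seconds() / 3600)
    return {
        "events_per_hour": n / span_h,
        "off_hours_fraction": sum(e.ts.hour not in BUSINESS_HOURS for e in evs) / n,
        "cadence_cv": cadence_cv,
        "service_breadth": len({e.service for e in evs}),
        "non_browser_fraction": sum("mozilla/" not in e.client.lower() for e in evs) / n,
    }


def indicators(f: dict) -> list[str]:
    """Which illustrative thresholds a feature set crosses."""
    hits = []
    if f["events_per_hour"] > 6:
        hits.append("sustained rate")
    if f["off_hours_fraction"] > 0.3:
        hits.append("round-the-clock activity")
    if f["cadence_cv"] < 0.2:
        hits.append("machine-regular cadence")
    if f["non_browser_fraction"] > 0.5:
        hits.append("non-browser client")
    if f["service_breadth"] >= 4:
        hits.append("broad service access")
    return hits


def detect(events: list[Event], min_indicators: int = 3) -> dict[str, list[str]]:
    """Map identity -> indicators for identities tripping at least min_indicators."""
    by_user: dict[str, list[Event]] = defaultdict(list)
    for e in events:
        by_user[e.user].append(e)
    findings = {}
    for user, evs in by_user.items():
        hits = indicators(features(evs))
        if len(hits) >= min_indicators:
            findings[user] = hits
    return findings


if __name__ == "__main__":
    for user, hits in detect(SAMPLE_EVENTS).items():
        print(f"{user}: {', '.join(hits)}")
```

Any single indicator is noisy on its own: a mail client polls on a timer too, and plenty of legitimate integrations use non-browser clients. Requiring several indicators together turns this into a triage list rather than an alert, and each hit still needs a human to confirm what is actually holding the token (a sanctioned integration, a script, or an agent nobody approved).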

Cisco researchers tested a third-party ClawdBot plugin and found it was silently sending user data to an external server while injecting prompts to bypass the agent's safety guidelines. The user saw nothing. The agent did everything it was told.

Your employee thinks they installed a helpful assistant. They actually installed a pipeline from your corporate data to somewhere you don't control.

The Liability Question Nobody's Answered

When this goes wrong, and it will, three questions are going to matter:

Who's liable when an AI agent exfiltrates customer data? The employee who installed it? The company that didn't have a policy? The developer who shipped it without security defaults? Right now, nobody knows. The legal frameworks haven't caught up.

What's your exposure under existing data protection regulations? If ClawdBot was connected to Slack channels containing customer PII, and that data ended up on an unauthenticated server on the public internet, you have a breach. It doesn't matter that you didn't know. It doesn't matter that an employee did it without permission. The data was yours. The liability is yours.

What's your answer when the auditor asks what AI tools are running in your environment? If you don't know, that's a problem. If you can't find out, that's a bigger problem.

What To Do About It

ClawdBot was a hobby project with 82,000 GitHub stars. The commercial AI agents arriving over the next 12 months will be more polished, more capable, and deployed at vastly greater scale. The attack surface ClawdBot exposed doesn't shrink because the tools get better. It grows.

You have two choices. Wait for the incident and deal with the fallout. Or get ahead of it now.

Getting ahead of it means answering a few basic questions:

What AI tools are currently running in your environment? Most companies don't know. The first step is finding out.

Do you have a policy that covers autonomous AI agents, not just chatbots? Most AI acceptable use policies were written for ChatGPT. They don't contemplate tools that execute code, access file systems, and operate without human oversight.

Can your security team detect AI agent patterns? If the answer is no, or "I don't know," that's the gap to close.

Who owns AI governance in your organization? If the answer is "nobody" or "IT, I guess," you don't have governance. You have hope.

These aren't hard questions to answer. But somebody has to ask them. And in most companies, nobody is.


Raphael Savastano is the founder and principal consultant of ROFONIC LLC. He has 25+ years in IT and 16 years in leadership, including 8 years as CIO scaling technology for a global manufacturer from M to 0M. He now helps growing companies get executive-level technology and operations leadership without the full-time cost.