The Infocomm Media Development Authority (IMDA) issued an advisory warning users against granting the agentic AI platform OpenClaw unrestricted access to files and applications [1, 2].

This warning highlights the critical tension between the rapid adoption of autonomous AI agents and the security protocols required to protect sensitive organizational data. As companies integrate agentic AI to automate complex workflows, gaps in authentication can create significant vulnerabilities in corporate infrastructure.

According to the IMDA, OpenClaw possesses limited built-in security controls and authentication gaps [1, 2]. The agency said these flaws pose a risk of leaking sensitive data to external AI model providers or causing operational disruptions [1, 2].

Security reports indicate that there are more than 400 reported vulnerabilities and exposures related to OpenClaw [3]. These weaknesses make the platform particularly risky for use in mission-critical settings where data integrity is paramount [1].

The IMDA advised organizations to avoid giving the tool unrestricted access to their systems [1, 2]. The agency said that by implementing stricter access controls, users can mitigate the risk of unauthorized data exposure and system instability [1, 2].

The advisory reflects a growing regulatory focus on 'agentic AI'—systems that can take actions autonomously rather than just generating text. Because these agents require deeper integration into file systems and software applications to function, any security flaw becomes a direct gateway to a company's private data, shifting the risk from simple misinformation to systemic operational failure.