Security Firm Finds AI Agent Tool With 500,000 Deployments Lacks Enterprise Kill Switch

Researchers at Cato Networks have identified a serious security gap in OpenClaw, an AI personal assistant tool with more than 500,000 active deployments: the software has no enterprise-level kill switch, leaving organizations unable to remotely disable or revoke compromised instances. The findings were presented at RSAC 2026 The core problem, according to Maor, is architectural. The enterprise software industry adopted zero trust, least privilege, and assume-breach frameworks precisely because credentials and sessions get stolen. But AI agent platforms have largely been deployed with the kind of ambient access and long-lived sessions that security teams spent years eliminating from traditional software. "Your AI? It's my AI now," Maor said, summarizing the threat model in an interview with VentureBeat. OpenClaw is capable of Cato Networks said it disclosed its findings to OpenClaw's developer prior to publication. The company has not issued a public statement in response.