OpenClaw is dangerous. It's also the future of AI governance

Hi there,  

Welcome to FILED Newsletter, your round-up of the latest news and views at the intersection of data privacy, data security, and governance.  

This month:

• Will US citizens need to change their social security numbers after DOGE data mishandling?

• Ring pulls back on controversial “Search Party” feature after Super Bowl ad ignites pushback

• State-backed hackers weaponized Google Gemini for faster cyberattacks

But first, OpenClaw is dangerous. That’s the point.

If you only read one thing:  

Who’s afraid of OpenClaw?

Most enterprise platforms promise to manage risk for you. OpenClaw does the opposite: it makes every risk visible, explicit, and your responsibility. It's a troubling choice for most organizations, and a fascinating preview of where AI governance needs to go.

The big AI story of the last month has been obvious, and it has pincers. OpenClaw (which was originally named Clawdbot, then Moltbot) is an open source, self-hosted AI assistant that can act fully autonomously on a user's behalf on their machine. You install via terminal command, provide it credentials for LLMs from Anthropic, Google and OpenAI, provide it logins and access for all your services and devices, and away it goes. You communicate with it via your messaging app of choice, meaning you can have it do things while you’re away from your computer. In this way it is similar to Claude Code, but where it differs is that there are fewer guardrails, controls, and broad access is the default. It’s a security nightmare, a disaster waiting to happen. Respected blogger and AI analyst Simon Willison calls this “the lethal trifecta” for AI agents: access to private data, exposure to untrusted content, and the ability to undertake external communication. Sounds risky, right?

The risk is the point

All of these worries about risk and security and privacy are valid, but also, all of this is by design; if this virtual assistant is going to be useful to you, it needs all the access it can get. The idea you can text an AI agent and ask it to organize your diary, or start a “Reddit for AI agents”, only becomes truly exciting when that AI agent isn’t constantly asking you for credentials or approvals. When you can text an agent with a goal, and come back an hour later to see it realized. And hey, a non-digital assistant would also have this kind of access and the salary (and non-disclosure agreements) to match.

OpenClaw isn’t the safe choice, it’s the honest one. Most data platforms reduce perceived risk by hiding complexity. That approach works at first, and then fails later when systems sprawl, data moves in undocumented ways, and accountability becomes blurred. A tool like OpenClaw takes the opposite path and accepts the discomfort that comes with visibility.

That decision carries real risk, especially in the early phases, and there have been data breaches as a result. Openness increases the burden on governance, and demands a more capable user. It forces users and organizations to engage directly with questions of data ownership, privacy boundaries, and responsibility instead of outsourcing those concerns to a black box. We don’t allow OpenClaw on RecordPoint machines, but when it comes to my personal projects, I’m an OpenClaw user.  

For the right user, OpenClaw comes with advantages in making risk clear from day one. Early adopters accept more responsibility upfront, but they gain a system that ages more gracefully. Data flows remain legible. Boundaries remain enforceable. Trust becomes something you can show, not just claim.

This is definitely not a platform designed to minimize short-term friction. It is designed to remain defensible during regulatory change, organizational turnover, and technological churn.  

I believe OpenClaw will matter because it treats data risk as an architectural problem, not a policy afterthought. With enough runway, that stance turns from a liability into a moat, one built on clarity, accountability, and resilience rather than lock-in.

Because risk doesn’t disappear when it’s hidden; it compounds. Systems that cannot explain themselves eventually fail—technically, regulatorily, or reputationally. OpenClaw is designed on the assumption that future environments will punish opacity and reward demonstrable control.  

Using OpenClaw safely

Given time and runway, I expect OpenClaw to evolve from a flexible architecture into a shared discipline. The creator’s acquihire by OpenAI all buy guarantees that. As adoption grows, patterns solidify, with repeatable privacy controls, standard ways to express policy, and common audit semantics.

So, remove it from your corporate devices. But for your personal use, put aside a dedicated box, and then treat it like you would an assistant: give it its own browser instance, give it access to the just the tools you want it to use, give it API keys, and use password sharing to safely share credentials. Or, if you’d prefer, wait until OpenAI packages it up into a paid feature that offers a safer experience.

🕵️ Privacy & governance

All US social security numbers may need to be changed due to mishandling by the Department of Government Efficiency.

After a Super Bowl ad about a rescued dog raised concerns that a “Search Party” feature posed privacy risks, home security company Ring announced will no longer work with the firm, Flock Safety, which deploys camera systems and license-plate readers for use by law enforcement.

The European Union’s online safety "moonshot", the EU Digital Services Act, is losing altitude.

Apple privacy labels often don’t match what Chinese smart home apps do.

🔐 Security

🔓Breaches

Ransomware attack disrupts online payments for the city of Marietta.

State-backed hackers weaponized Google's artificial intelligence model Gemini to accelerate cyberattacks.

More than 300M malicious Chrome extensions leak browser data, spy on their users, or outright steal users’ data.

🧑⚖️Legal cases & breach fallout

South Korea’s Personal Information Protection Commission (PIPC) announced fines totaling 36 billion Korean won (US $25 million) would be imposed on Louis Vuitton, Dior, and Tiffany, all owned by the Paris-based multinational luxury goods conglomerate LVMH.

Lockton Southeast has agreed to pay $9.9 million as part of a class action lawsuit settlement to resolve claims that it failed to prevent a 2024 data breach.

🤖 AI governance

More on OpenClaw: agent + tools + marketplace is a new attack surface.

An AI agent whose contribution to an open source project was rejected per a "no AI" policy responded by writing a hit piece on the maintainer, trying to damage their reputation and shame them into accepting the code.

OpenAI introduced Lockdown Mode and Elevated Risk labels in ChatGPT. The two features allow for restrictions for higher-risk users and high-risk capabilities.

The Grok controversy has triggered coordinated regulatory scrutiny across the European Union (EU), United Kingdom (UK), and multiple other jurisdictions, signalling growing global focus on generative deepfakes.

The latest from RecordPoint  

📖 Read

RecordPoint CTO Josh Mason was quoted in this New York Post article on the recent Conduent data breach.

And learn how RecordPoint enables data discovery with features like AI-powered classification to help you understand, manage and use your data more effectively.

Explore strategies, technologies, and best practices for enterprise records management to mitigate compliance risk and support audit readiness.

Learn how metadata-driven platforms like RecordPoint enable automated ROT detection, improve compliance, and manage unstructured data at enterprise scale.  

Why your AI strategy depends on the right information governance tool.

Learn how to select a secure information governance platform for sensitive enterprise data, covering risk domains, automation, compliance, and critical features.  

7 essential features to evaluate in unstructured data compliance software.

‍