Brief IA

OpenClaw and the Rise of AI Agents: A Major Governance Challenge

🤖 Models & LLM·Tom Levy·

OpenClaw and the Rise of AI Agents: A Major Governance Challenge

OpenClaw and the Rise of AI Agents: A Major Governance Challenge
Key Takeaways
1Generative AI reached a key milestone between December 2025 and January 2026 with no-code tools and OpenClaw.
2California law AB 316, effective January 2026, holds humans accountable for the actions of AIs.
3An IDC survey reveals that 96% of companies using generative AI have higher costs than expected.
💡Why it mattersThe rise of autonomous AI agents imposes new governance rules and financial challenges for businesses.
Le brief IA que lisent les pros

Le brief IA que les pros lisent chaque soir

Les 7 actus IA du jour, décryptées en 5 min. Gratuit.

Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.

Choisis ton rythme

Gratuit · Pas de spam · Désabonnement en 1 clic

📄
Full Analysis

The Rapid Evolution of Generative AI

Parents of young children are often concerned about the crucial developmental milestones of their offspring, whether it’s learning to walk or talk. These milestones serve as benchmarks to assess the child's well-being and determine if further testing is necessary to diagnose potential health conditions. The excitement of a child's first steps quickly transforms into an awareness of new safety challenges as the child transitions from the slow pace of crawling to the speed of walking.

Similarly, generative AI has seen significant advancements between December 2025 and January 2026. This period witnessed the emergence of no-code tools offered by various providers, as well as the launch of OpenClaw, an open-source personal agent available on GitHub. This technology, which was in its infancy, suddenly took off, leaving governance principles largely ill-equipped to handle this new pace of development.

Responsibility in the Face of Autonomous AI

Historically, AI governance has focused on the risks associated with decisions made by models, particularly in areas where human involvement is crucial, such as loan approvals or job applications. Major concerns revolved around model behavior, including drift, alignment, data exfiltration, and poisoning. Interactions between humans and machines, primarily in the form of chatbots, dictated the pace of these exchanges.

Today, with the advent of autonomous agents capable of managing complex workflows, human involvement is increasingly diminished. The goal is to leverage businesses at machine speed, automating manual tasks through well-defined architectures and decision rules. However, accountability remains a significant issue, as there should be no reduction in enterprise risk between an automated workflow and a human workflow. As CX Today illustrates, "AI does the work, humans bear the risk." California law AB 316, which came into effect on January 1, 2026, reinforces this accountability by eliminating the excuse "AI did it; I didn’t approve it."

The real challenge lies in integrating an operational governance code that aligns with varying levels of risk and responsibility throughout the workflow. Once static, governance must now adapt to autonomous AI, which, by its nature, removes humans from many decisions, complicating governance.

Permissions and Their Implications

Allowing a probabilistic system to operate without real-time safeguards, capable of modifying critical business data, is akin to giving a three-year-old a gaming console that controls an Abrams tank or an armed drone. Agents capable of linking and executing actions across various enterprise systems can bypass the privileges that a single human user might be granted. To succeed, governance must evolve beyond policies established by committees, integrating operational code from the outset of workflows.

A humorous meme illustrates the behavior of young children with toys: what’s yours is mine, and what’s broken is definitely yours. For instance, OpenClaw was designed to provide a user experience close to that of a human assistant, but enthusiasm turned to concern when security experts found that inexperienced users could be easily compromised.

For a long time, enterprise IT has had to contend with shadow IT, where skilled technical teams take over and repair assets they did not design or install, much like a child returning a broken toy. With autonomous agents, the risks are even higher: persistent service account credentials, long-lived API tokens, and permissions to make decisions on essential file systems. To overcome this challenge, it is crucial to budget for adequate IT resources and workforce from the start to support central discovery, oversight, and remediation of the thousands of agents created by employees or departments.

The Need for an AI Agent Retirement Plan

Recently, an acquaintance managed to save a client hundreds of thousands of dollars by identifying and shutting down a "zombie project" — a neglected or failed AI pilot left running on a GPU cloud instance. There are potentially thousands of agents at risk of becoming a fleet of zombies within a company. Many leaders today encourage their employees to use AI, and they are incentivized to create their own AI-first workflows or assistants. With tools like OpenClaw and top-down guidelines, the number of "self-built" agents is set to explode.

Given that an AI agent is a program that falls under the definition of the company's intellectual property, when employees change departments or companies, these agents can become orphaned. Therefore, it is essential to establish proactive policies and governance to decommission and remove any agent tied to a specific employee ID and permissions.

Financial Optimization as Integrated Governance

For some leaders, autonomous AI is seen as a way to improve operational margins by reducing human capital. However, many are discovering that the return on investment for replacing human labor is a misguided approach. Adding AI capabilities to the enterprise is not just about purchasing a new software tool with predictable per-instance or per-seat pricing. A December 2025 IDC survey, sponsored by Data Robot, revealed that 96% of organizations deploying generative AI and 92% of those implementing agentic AI found costs to be higher than expected.

The survey distinguishes between governance concepts and return on investment, but as AI systems grow within large enterprises, financial and accountability governance must be integrated into workflows from the outset. Enterprise-class governance stems from forecasting and adhering to allocated budgets. Unlike software financial models based on per-seat costs with support and maintenance fees, the use of AI relies on consumption and usage costs that increase as the workflow scales across the enterprise: the more users there are, the more tokens or compute time, and the higher the bill.

Cloud FinOps were deterministic, but generative AI and agentic AI systems built on generative AI are probabilistic. Some AI-focused founders realize that a single agent token can cost up to $100,000 per session. Without built-in safeguards from the start, chaining complex autonomous agents that operate without supervision for extended periods can easily exceed the budget for hiring a junior developer.

The Importance of Keeping Humans in the Loop

Autonomous agentic AI promises to accelerate business operations, product launches, customer experience, and customer retention. Shifting to machine-speed decisions without human intervention for these key functions significantly alters the governance landscape. While many principles around proactive permissions, discovery, auditing, remediation, and financial/operational optimizations remain the same, their implementation must evolve to keep pace with autonomous agentic AI.

Brief IA — L'actualité IA en français

L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.