As generative AI goes from novelty to workplace staple, a new friction point has emerged: the "shadow AI" either "Bring your own AI (BYOAI)" crisis. Similar to the unauthorized use of personal devices in years past, developers and knowledge workers are increasingly deploying autonomous agents into personal infrastructure to manage their professional workflows.
"Our journey with Kilo Claw has been to make it easier and more accessible for people." says Kilo co-founder Scott Breitenother. Today, the company dedicated to providing a portable, multi-model, cloud-based AI coding environment is taking steps to formalize this. "shadow AI" cape: is being launched KiloClaw for organizations and KiloClaw Chat, a set of tools designed to provide enterprise-grade governance over personal AI agents.
The announcement comes at a time of great speed for the company. Since he made his Securely hosted, one-click OpenClaw product for individuals, KiloClaw, Generally available last month, more than 25,000 users have integrated the platform into their daily workflows.
At the same time, Kilo’s proprietary agent benchmark, PinchBench, has recorded over 250,000 interactions and recently gained significant industry validation when It was mentioned by Nvidia CEO Jensen Huang during his keynote speech at the Nvidia GTC 2026 conference. in San Jose, California.
The Shadow AI Crisis: Addressing the BYOAI Problem
The push for KiloClaw for Organizations arises from a growing visibility gap within large companies. In a recent interview with VentureBeat, Kilo leadership detailed conversations with high-level AI directors at government contractors who found their developers running OpenClaw agents on random VPS instances to manage schedules and monitor repositories.
"What we will be announcing on Tuesday is Kilo Claw for Organizations, where a company can purchase a package of Kilo Claws at the organization level and grant access to all team members." explained Kilo co-founder and head of product and engineering, Emilie Schario, during the interview.
"We can’t see any of that," The head of AI at one of those companies reportedly told Kilo. "No audit logs. No credential management. I have no idea which data touches which API".
This lack of oversight has led some organizations to issue blanket bans on autonomous agents before a clear deployment strategy can be formed.
Anand Kashyap, CEO and founder of a data security company Fortanixtold VentureBeat without seeing Kilo’s announcement that while "Openclaw has taken the tech world by storm…enterprise use is minimal due to security concerns with the open source version."
Kashyap expanded on this trend:
"Recently, NVIDIA (with NemoClaw), Cisco (DefenseClaw), Palo Alto Networks, and Crowdstrike have announced bids to create an enterprise version of OpenClaw with guardrails and governance for agent security. However, enterprise adoption remains low.
Businesses like centralized IT control, predictable behavior, and data security that keeps them compliant. An autonomous agent platform like OpenClaw goes beyond all of these parameters, and while security companies have announced their traditional perimeter security measures, they do not address the fundamental problems of having a reduced attack surface. Over time, we will see an agency platform emerge where agents are pre-built, packaged, and responsibly deployed with centralized controls and data access controls built into the agency platform, as well as the LLMs they turn to for instructions on how to perform the next task. Technologies like Confidential Computing provide data and processing compartmentalization, and are tremendously useful in reducing the attack surface."
KiloClaw for Organizations is positioned as the way the security team says "Yeah," providing the visibility and control necessary to bring these agents in-house.
Transitions agents from a developer-managed infrastructure to a managed environment characterized by scoped access and organizational-level controls.
Technology: universal persistence and "Swiss cheese" method
A key technical hurdle in today’s agent landscape is the fragmentation of chat sessions.
During the VentureBeat interview, Schario noted that even advanced tools often have problems with canonical sessions, frequently deleting messages or failing to sync between devices.
Schario emphasized the security layer that supports this new structure: “You get the same benefits of the Kilo gateway and the Kilo platform: you can limit which models people can use, get usage visibility, cost controls, and all the advantages of leveraging Kilo with managed, hosted, and controlled Kilo Claw.”
To address the inherent unreliability of autonomous agents, such as lost cron jobs or failed executions, Kilo employs what Schario calls the "swiss cheese method" of reliability. By layering additional protections and deterministic security barriers on top of OpenClaw’s base architecture, Kilo aims to ensure that tasks, such as a daily 6:00 pm digest, complete even if the underlying agent logic fails.
This is critical because, as Schario noted, “the real risk for any company is data leakage, and that can come from a bot commenting on a GitHub issue or accidentally sending an email to the person who’s going to be fired before they’re fired.”
Product: KiloClaw Chat and Organizational Barriers
While managed infrastructure solves the backend problem, KiloClaw Chat addresses the user experience. Schario noted that “it is easier to start with hosted and managed OpenClaw, but it is not enough and still requires being on the cutting edge of technology to understand how to configure it.” Kilo seeks to reduce that barrier for the average worker, asking, “How can we give people who have never heard the phrase OpenClaw or Claudebot an always-on AI assistant?”
Traditionally, interacting with an OpenClaw agent required connecting to third-party messaging services like Telegram or Discord, a process that involves browsing "BotParent" tokens and technical setups that alienate non-engineers.
“One of the main obstacles we see, both anecdotally and in the data, is that you get your bot running and then you have to connect a channel to it. If you don’t know what’s going on, it’s overwhelming,” Schario noted.
“We solved that problem. You don’t need to set up a channel. You can chat with Kilo in the web UI and, with the Kilo Claw app on your phone, interact with Kilo without setting up an external channel,” he continued.
This native approach is essential for corporate compliance because, as he further explained, “when we were talking about early business opportunities, they didn’t want you to use your personal Telegram account to chat with your work bot.” As Schario put it, there’s a reason business communication doesn’t flow through personal direct messages; When a company closes access, it must be able to close access to the bot.
Looking ahead, the company plans to further integrate these environments. “What we are going to do is make Kilo Chat the reference point between Telegram, Discord and OpenClaw, so you can get all the convenience of Kilo Chat but can use it on the other channels,” Breitenother added.
The enterprise suite includes several critical governance features:
-
Identity management: SSO/OIDC integration and SCIM provisioning for automated user lifecycles.
-
Centralized Billing: Full visibility into compute and inference usage across the organization.
-
Administration Controls: Organization-wide policies on which models can be used, specific permissions, and session durations.
-
Secret settings: Integration with 1Password ensures that agents never handle credentials in plain text, preventing accidental leaks.
Licensing and governance: the "robot account" model
Other security experts point out that managing permissions for AI agents and bots are among the most pressing issues facing businesses today.
As Ev Kontsevoy, CEO and co-founder of an AI infrastructure and identity management company Teleport told VentureBeat without seeing the Kilo news: "The potential impact of OpenClaw as a non-deterministic actor demonstrates why identity cannot be an afterthought. It has a self-contained agent with shell access, browser control, and API credentials, running in a persistent loop, across dozens of messaging platforms, with the ability to write its own abilities. That’s not a chatbot. This is a non-deterministic actor with broad access to the infrastructure and no cryptographic identity, no short-lived credentials, and no real-time audit trail linking actions to a verifiable actor."
Kilo proposes to solve it with a major change in the organizational structure: the adoption of employees "robot accounts".
In Kilo’s vision, each employee eventually carries two identities: their standard human account and a corresponding bot account, such as scott.bot@kiloco.ai.
These bot identities operate with strictly limited read-only permissions. For example, a bot can be given read-only access to company records or a GitHub account with contributor-only rights. This "scope" This approach allows the agent to maintain complete visibility of the data it needs to be useful while ensuring that it cannot accidentally share sensitive information with others.
Address data privacy concerns and "black box" algorithms, Kilo emphasizes that its code is available in source.
“Anyone can see our code. It is not a black box. When you buy Kilo Claw, you do not give us your data and we are not training with any of your data because we are not building our own model,” Schario clarified.
This licensing option allows organizations to audit the resilience and security of the platform without fear that their proprietary data will be used to improve third-party models.
Prices and availability
KiloClaw for Organizations follows a usage-based pricing model where organizations pay only for the computation and inference consumed. Organizations can use a "Bring your own key" (BYOK) or use Kilo Gateway credits to make inferences.
The service is available starting today, Wednesday, April 1. KiloClaw Chat is currently in beta and supports web, desktop, and iOS sessions. New users can evaluate the platform through a free tier that includes seven days of computing.
As Breitenother summarized to VentureBeat, the goal is to go from "only" implementations to a scalable model for the entire workforce: "I think Kilo for Organizations buys Kilo Claw by the bushel rather than on a one-time basis. And we hope to sell many bushels per kilo of claw.".
