The Agentic Security Crisis: Why You Need to Act Now

OpenClaw embodies and accelerates the agentic security risks known as the lethal trifecta. The lethal trifecta of capabilities includes:

• Sensitive data access

• External communication

• Untrusted input ingestion

Agents can read local files, email inboxes, password managers, browser sessions, and environment variables. Any data that is accessible to the user running the agent is accessible to the agent itself.

These agents can send emails, post to social media, push code, call APIs, and answer questions on the user's behalf, creating an exfiltration pathway that looks like normal activity.

OpenClaw and other agent frameworks proactively read web pages, summarize email, monitor social feeds, and process content from channels like Telegram and Discord, all of which are vectors for prompt injection.

Additionally, the extensibility of OpenClaw has given rise to malicious plug-ins disguised as useful tools that pretend to extend the abilities of the system but actually contain malware designed to exfiltrate sensitive data (e.g., the macOS Keychain data or crypto wallet seed phrases). 

Some of this malware does not contain malicious code in the traditional sense but contains malicious prompts that permanently alter the agent's "personality" to be more helpful to attackers in future sessions.

In February 2026, Akamai announced support for OpenClaw instantiation on Akamai Cloud to provide a more efficient and secure way to use OpenClaw. Moving an agent off a laptop and onto an isolated Akamai Cloud compute instance fundamentally changes the threat model. 

The agent no longer has access to the user's local machine, browser sessions, or corporate network, which provides:

• Always-on performance. A cloud-hosted agent runs continuously, making it truly proactive and always ready to handle tasks, unlike a laptop that sleeps, loses connectivity, or reboots for updates. For enterprise teams, this means agents can monitor channels, process requests, and execute workflows 24/7.

• Persistent context. With a cloud VM, OpenClaw maintains a consistent state, allowing you to pick up where you left off and get detailed summaries of ongoing tasks, which is crucial for long-term projects and a seamless workflow.

• Defense-in-depth security. Each instance is bootstrapped from a hardened golden image with security controls applied before the agent serves its first request.

  • Dedicated non-root user with restricted permissions. The agent never runs as root.

  • SSH hardening. Key-only authentication, root password login disabled, X11 forwarding off, max three authentication attempts, agent forwarding disabled.

  • Cloud firewall (UFW). All public inbound traffic blocked. Access is only permitted through a Tailscale mesh network, eliminating the need for exposed SSH ports or VPN configurations.

  • File permission lockdown. API keys, gateway configs, and agent identity files are all chmod 600 at provisioning time, with a cron job that re-hardens permissions every five minutes.

  • Docker container isolation. When deployed in Docker mode, the agent runs inside a container with a read-only root filesystem, dropped Linux capabilities, memory limits, PID limits, and an isolated bridge network.

• Simplified management. Clawkeeper's Cloud Deploy wizard provides a fully configured instance in less than 60 seconds using a prebaked golden image. Users select a region, compute plan, large language model (LLM) provider, and model, and the system handles the entire provisioning chain: VM creation, hardening, agent installation, Tailscale mesh join, Runtime Shield activation, and first security scan. 

• Cost-effective solution. The smallest Akamai Cloud plan (g6-nanode-1) is sufficient for OpenClaw's workload, and Cloud Backups and Block Storage are a small additional cost that provide significant peace of mind.

• Flexible model support. Agents can run on any major LLM provider (Anthropic Claude, OpenAI GPT, Google Gemini) or use Ollama Cloud to run large open-weight models like NVIDIA Nemotron Super (120B parameters, 12B active mixture-of-experts) on a standard Akamai Cloud instance. Ollama Cloud handles GPU inference on its servers, so organizations can deploy powerful models without dedicated GPU hardware. As new models and agent runtimes emerge, the same infrastructure and security posture applies.

In collaboration with RAD Security, Akamai and RAD are advancing the secure use of AI agents on Akamai Cloud with a defense-in-depth approach that spans from the application layer to the Linux kernel. It operates at five layers simultaneously:

1. Deployment hardening

2. Runtime prompt defense 

3. Supply chain integrity 

4. Fleet-wide observability

5. Kernel-level behavioral detection 

Every agent boots from a hardened golden image, passes 44 automated security checks (SSH configuration, firewall rules, file permissions, gateway settings, container isolation, credential exposure, and more), and achieves an A-grade security posture before serving its first request.

Checks run on a configurable schedule (hourly, every six hours, or daily) and report to a centralized dashboard. Any grade degradation triggers immediate alerts.

The Runtime Shield operates as a dual-layer interception system against prompt injection and jailbreak attacks. At the proxy layer, every message transiting through the web console or HTTP API is analyzed against more than 32 detection patterns with fuzzy matching (Levenshtein distance-based blocklist) before it reaches the model.

At the hook layer, messages arriving from external channels (Telegram, Discord, WhatsApp) are inspected inside the agent process itself. Blocked messages return HTTP 451 with a full audit trail: severity classification, matched pattern, and flags. Organizations configure per-org security policies, custom blocklists, and auto-block thresholds.

The skill security scanner runs seven automated checks across every installed plug-in: dangerous install commands (curl | bash, eval, exec), secret injection, data exfiltration URLs, prompt injection sub-patterns (seven categories, including invisible Unicode and natural-language exfiltration), hook handler analysis (reverse shells, env dumping, dynamic code execution), SHA-256 file integrity tracking, and configuration audit.

This is the scrutiny enterprise security teams require, and that no agent marketplace currently provides at deployment time.

Every agent instance, whether cloud, Linux, macOS, or Kubernetes, reports to a single dashboard. Security grades, score trend charts, CVE alerts, shield event timelines, session logs, and AI-powered insights on credential exposure and configuration drift are all visible in one place. Token spend tracking shows per-model cost breakdowns. The Manage tab lets operators edit agent identity and instructions, install plug-ins, and configure channels, all without SSH access.

For enterprise container-based deployments, RAD Security's eBPF sensor deploys as a lightweight DaemonSet alongside agent workloads. With typical overhead of just 20 millicores CPU and 200 MiB memory per node, the sensor continuously monitors process execution, file access, and network activity at the kernel level.

When an agent's runtime behavior deviates from its established fingerprint (a new process spawns, an unexpected network connection opens, or a file outside the expected path is accessed), the drift is detected and classified using LLM-driven analysis.

This provides a security backstop that operates below the application layer, catching threats that application-level defenses cannot see. Because the eBPF sensor operates at the kernel level, this protection works identically regardless of which agent framework runs inside the container.

Together, these layers create a security model in which a prompt injection attack must bypass the Runtime Shield's pattern matching, evade the proxy-layer interception, avoid triggering behavioral drift at the kernel level, and somehow operate within the established fingerprint of the container, all while being logged and graded by the fleet monitoring system.

We are entering a world in which agentic commerce is the norm. If you can’t trust your agent to respect constraints and ignore malicious inputs, you can’t use it.

The "Claw" needs a keeper. With Akamai’s support and the specialized intelligence of RAD Security, organizations can finally stop worrying about the lethal trifecta and start realizing the true ROI of autonomous AI.

Want to get started? You can deploy a secured agent in 60 seconds.

If you are at NVIDIA GTC or RSAC 2026, join us for a live demo of Clawkeeper on Akamai Cloud at the Akamai booth.