The end of “shadow AI” in enterprises? Kilo launches KiloClaw for Organizations to enable secure AI agents at scale



As generative AI moves from a novelty to a workplace staple, a new point of friction has emerged: the "shadow AI" or "Bring Your Own AI" (BYOAI) crisis. Much like the unauthorized use of personal devices in years past, developers and knowledge workers are increasingly deploying autonomous agents on personal infrastructure to manage professional workflows.

"Our journey with Kilo Claw has been to make it easier, easier and more accessible for people," says Kilo co-founder Scott Breitenother. Today, the company, which is dedicated to providing a portable, multi-model, cloud-based AI coding environment, is moving to make this "shadow AI" layer official: it is launching KiloClaw for Organizations and KiloClaw Chat, a suite of tools designed to provide enterprise-level control over personal AI agents.

The announcement comes at a time of high momentum for the company. Since the creation of KiloClaw, a securely hosted, one-click OpenClaw product for individuals, more than 25,000 users in total integrated the platform into their daily workflows last month.

Meanwhile, Kilo’s proprietary agent, PinchBench, has recorded more than 250,000 interactions and recently won significant industry recognition: it was referenced by Nvidia CEO Jensen Huang during his keynote speech at the 2026 Nvidia GTC conference in San Jose, California.

The Shadow AI Crisis: Solving the BYOAI Challenge

The impetus for KiloClaw for Organizations comes from a growing visibility gap within large enterprises. In a recent interview with VentureBeat, Kilo management detailed conversations with senior AI directors at government contractors who discovered that OpenClaw agents were running on random VPS instances to manage calendars and monitor warehouses.

"What we’re announcing Tuesday is Kilo Claw for organizations, where a company can buy an organization-wide package of Kilo Claws and give every team member access," Kilo co-founder and head of product and engineering Emilie Schario explained during an interview.

"We can’t see any of that," the head of artificial intelligence at one such firm told Kilo. "No audit trail. No credential management. I have no idea which data is touching which API."

This lack of control has led some organizations to impose blanket bans on autonomous agents before a clear deployment strategy is formulated.

Anand Kashyap, CEO and founder of data security firm Fortanix, told VentureBeat without having seen Kilo's announcement: "OpenClaw has taken the tech world by storm… the open source version has minimal enterprise use due to security concerns."

Kashyap expanded on this trend:

"Recently, NVIDIA (with NemoClaw), Cisco (DefenseClaw), Palo Alto Networks, and Crowdstrike announced proposals to build an enterprise-ready version of OpenClaw with guardrails and controls for agent security. However, enterprise adoption continues to be low.

"Enterprises like centralized IT control, predictable behavior and data security that keep them relevant. An autonomous agent platform like OpenClaw pushes the envelope on all of these parameters, and while security experts tout traditional perimeter security measures, they don’t address the fundamental challenges of reducing the attack surface. Over time, we will see the emergence of an agent platform where agents are pre-built and packaged and deployed with responsibility-centric management tools and data access controls built into the agent platform, as well as LLMs that they call to get instructions for the next task. Technologies such as Confidential Computing provide partitions of data and processing and are very useful in reducing the attack surface."

KiloClaw for Organizations is positioned as a way for the security team to say "yes," providing the visibility and control required to bring these agents home.

It moves agents from developer-managed infrastructure into a managed environment characterized by comprehensive access and enterprise-level controls.

Technology: Universal persistence and the "Swiss cheese" method

A major technical hurdle in the current agent landscape is the fragmentation of chat sessions.

During the VentureBeat interview, Schario noted that even advanced tools often struggle with canonical sessions, dropping messages or failing to sync across devices.

Schario emphasized the layer of security that supports this new structure: “You get all the same benefits of the Kilo gateway and the Kilo platform: you can limit the models people can use, have visibility of usage, control costs, and get all the benefits of using Kilo with managed, hosted, managed Kilo Claw.”

To address inherent vulnerabilities of autonomous agents, such as skipped cron jobs or failed executions, Kilo uses what Schario calls the "Swiss cheese method" of reliability. By layering additional and deterministic safeguards on top of the core OpenClaw architecture, Kilo aims to ensure that tasks such as the daily 6pm summary are completed even if the underlying agent logic breaks.

This is important because, as Schario points out, “The real risk for any company is information leakage, which can come from a bot commenting on a GitHub issue or accidentally emailing someone who’s about to be fired before they’re fired.”

Product: KiloClaw Chat and organizational protectors

While managed infrastructure solves the backend problem, KiloClaw Chat addresses the user experience. “Deployed, managed OpenClaw is easier to get started, but it’s not enough and still requires being on the edge of the technology to understand how to build it,” Schario noted. Kilo seeks to lower this barrier for the average worker, asking: “How can we give an always-on AI assistant to people who have never heard of OpenClaw or Claudebot?”

Traditionally, connecting to an OpenClaw agent requires connecting to third-party messaging services such as Telegram or Discord, a process that involves navigating "BotDaddy" features and technical configurations that alienate non-engineers.

“One of the number one hurdles we’ve seen both anecdotally and in the data is that you launch your bot and then attach a channel to it. If you don’t know what’s going on, that’s huge,” Schario said.

“We’ve solved that problem. You don’t need to set up a channel. You can chat with Kilo in the web UI and communicate with Kilo without setting up an external channel with the Kilo Claw app on your phone,” Schario continued.

This native approach is important for enterprise compliance because, as Schario further explains, “When we’re talking to early enterprise opportunities, they don’t want you using your personal Telegram account to chat with your business bot.” As Schario says, there’s a reason enterprise communications don’t go through personal DMs; when a company blocks access, they should be able to block access to the bot.

Looking to the future, the company plans to further integrate these environments. “What we’re going to do is make Kilo Chat a gateway between Telegram, Discord and OpenClaw, so you get all the convenience of Kilo Chat, but you can use it in other channels,” Breitenother said.

The Enterprise package includes several important management features:

  • Identity Management: SSO/OIDC integration and SCIM provisioning for automated user lifecycles.

  • Centralized Billing: Full visibility into billing and statement usage across the organization.

  • Admin Controls: Organizational policies regarding which models can be used, specific permissions, and session durations.

  • Hidden Configuration: Integration with 1Password ensures that agents never manage credentials in plain text, preventing accidental leaks.

Licensing and administration: The "bot account" model

Other security experts point out that managing bot and AI agent permissions is one of the most pressing challenges facing enterprises today.

As Ev Kontsevoy, CEO and co-founder of AI infrastructure and identity management company Teleport, told VentureBeat without having seen Kilo's news: "As a non-deterministic actor, OpenClaw’s potential impact demonstrates why identity cannot be an afterthought. You have an autonomous agent with shell access, browser control, and API credentials—running in a continuous loop, across dozens of messaging platforms, and with the ability to write their own skills. This is not a chatbot. It is a non-deterministic actor with access to extensive infrastructure and cryptographic identification, short-lived credentials, and actions that bind a real-time audit trail to a verifiable actor."

Kilo proposes a solution that involves a major change in organizational structure: the adoption of employee "bot accounts."

According to Kilo, each worker ultimately carries two identities – a standard human account and a corresponding bot account such as scott.bot@kiloco.ai.

This bot account works with strictly limited, read-only permissions. For example, a bot can be given read-only access to company records or a GitHub account with only contributor rights. This "comprehensive" approach allows the agent to have full visibility of the information it needs to be helpful, while preventing it from accidentally sharing sensitive information with others.

Addressing concerns about data privacy and "black box" algorithms, Kilo highlights that its code is source-available.

“Anyone can go and look at our code. It’s not a black box. When you buy Kilo Claw, you’re not giving us your data, and because we’re not building our own model, we’re not training on any of your data,” Schario clarified.

This licensing option allows organizations to test the stability and security of the platform without fear of proprietary data being used to improve third-party models.

Price and availability

KiloClaw for Organizations follows a usage-based pricing model where companies pay only for the compute and output that is consumed. Organizations can take a "Bring Your Own Key" (BYOK) approach or use Kilo Gateway credits to get results.

The service is available starting today, Wednesday, April 1. KiloClaw Chat is currently in beta with support for web, desktop and iOS sessions. New users can evaluate the platform through a free tier that includes seven days of billing.

As Breitenother summarized to VentureBeat, the goal is to move past it "once and for all," deploying a scalable model for the entire workforce: "When I say Kilo for organizations, I mean Kilo Claw as a one-time purchase instead of a one-time purchase. And we hope to sell many pounds of pawpaw."


