Autonomous agent orchestration tool OpenClaw hit the scene last November and immediately went viral, but its dramatic flaws were exposed just as quickly.

Still, it marked a pivotal step in the agentic AI era, and enterprises have been exploring ways to deploy fleets of autonomous agents safely and securely ever since.

Automation Anywhere Tuesday rolled out its answer to this challenge, EnterpriseClaw, created in collaboration with Cisco, Nvidia, Okta, and OpenAI.

The company says the platform will enable companies to deploy autonomous AI agents across their desktops, cloud platforms, secured ‘behind-the-firewall’ networks, and on-premises systems, all while maintaining centralized control, access, and observability.

Automates business-critical work

EnterpriseClaw is built on Automation Anywhere’s Process Reasoning Engine (PRE) and Contextual Intelligence Graph, which automate business-critical work. It also integrates with Cisco AI Defense and DefenseClaw to provide security purpose-built for AI agents, Nvidia’s open-source runtime OpenShell, NIM microservices and Nemotron models for on-premises customers, and Okta’s cross-agent identity management and authentication controls. Furthermore, OpenClaw’s OpenAI collaboration will give customers access to leading models like GPT-5.5.

“The level of distrust and insecurity associated with OpenClaw is covered in significant detail in the EnterpriseClaw launch,” said Manish Jain, a principal research director at Info-Tech Research Group. “The collaboration between Nvidia, OpenAI, Okta, and Cisco adds to the credibility of the proposition of trusted infrastructure, identity, and security layers.”

Automation Anywhere says the platform will give enterprises the ability to deploy agents in parallel in managed containers behind firewalls, providing local access to files, apps, browsers, and terminals. Agents can hand off tasks and combine outputs so that value “compounds” rather than being isolated and confined to single-agent tasks, the company said.

Users can set policies, access controls, guardrails, and agent credentials, which are all enforced locally on-device, and receive information on telemetry, audit logs, and large language model (LLM) usage.

The company pointed to use cases like claims investigation: AI agents can gather information across desktop apps, internal documents, on-premises systems, and cloud platforms, all while keeping financial, operational, and other sensitive data secured inside enterprise systems. Other usage scenarios include code generation and debugging, local file post-incident log analysis, research, user interface (UI) automation, and secure data processing in regulated environments.

EnterpriseClaw is now available in preview, with general availability expected later this year.

No clear differentiator

Still, there’s no clear-cut differentiator here, noted Jason Andersen, a VP and principal analyst with Moor Insights & Strategy. Nvidia has already announced its NemoClaw open-source stack to provide guardrails for always-on agents, and EnterpriseClaw has essentially the same capabilities and generally-available stack.

“Which begs the question: If you are already using Nvidia’s, why choose this?” he asked. Indeed, the Cisco and Okta capabilities will “likely be interesting” to their existing bases. “But again, those products already work with other tools,” Andersen pointed out.

OpenClaw-like agents changing everything

Ultimately, noted technology analyst Carmi Levy, OpenClaw’s arrival has changed enterprise leaders’ view of AI, because it turned what was previously just a concept of AI agents into an everyday-accessible tool for a mass audience.

“As ChatGPT took chatbots out of the lab and drove them into mainstream use, OpenClaw did the same for AI agents,” he said. It shifted the notion of AI from something we chat with to something that actually gets work done. This represents “a key step in replacing human capital with technological capital.”

Info-Tech’s Jain explained that OpenClaw provided AI with three key features: Local execution via a desktop or laptop, persistent autonomy (operation without human input), and direct control over various systems such as WhatsApp or Slack.

“In effect, OpenClaw gave its agents claws (hands), allowing them to run in the background continuously,” he said. They can then execute real-world actions across file systems, web browsers, and applications based on a “single thread” of chat messaging.

But when claw agents quickly began leaking information about user data, there was a “polarization of emotions,” with users both excited and shocked about what they could do and access, he pointed out.

“OpenClaw did not meet enterprise-grade product standards,” said Jain. “The data leaks and inappropriate behaviors associated with claw agents exhibit how an uncontrolled tool, when introduced with no guardrails, will lead to massive issues.”

While Automation Anywhere is deploying EnterpriseClaw in partnership with a group of credible companies, that is just one side of the story; enterprises must govern all AI agents as “persistent digital actors without conscience,” he noted.

Moor’s Andersen also pointed out that OpenClaw can be run on many different models, essentially as a client and a server. But this means there are no real governance capabilities available, “so it’s kind of a wild west, which is why we are seeing companies create these enterprise offerings,” he said.

Claw agents ‘amazing,’ but enterprises beware

What resonates most about OpenClaw is that it can be run alongside open-source AI models like Gemma on a local machine, and users don’t have to pay for or worry about data, Andersen pointed out. This is a direct response to other wildly popular but more expensive tools like Claude Cowork; the latter is “amazing,” but “somewhat addictive,” so users can easily burn through the lowest-cost $20 a month usage credit option.

Tools like OpenClaw are “pretty great” when you have many tasks running in parallel, Andersen noted. For instance, in a marketing campaign, agents can check sales volumes and generate new content at the same time.

Levy added that agents could potentially replace “the human worker-bee” altogether, handling the minutiae of day-to-day work.

Helpdesk workflows are “particularly aligned” with the capabilities of OpenClaw-like agents, he pointed out, as the agents can autonomously manage and close tickets. Or, in administrative work, they can take on repetitive, low-risk and high-return tasks like scheduling meetings, drafting email messages, and managing follow-ups. In software development, vibe-coding agents can efficiently generate large volumes of code for diverse projects.

“Is the code any good? The verdict is still out on that, but it’s clear that OpenClaw-like agents are already rapidly tilting the coding landscape in favour of automation,” said Levy.

Still, agents need a lot of permissions to live up to expectations, which can introduce “unnecessary or unacceptable” levels of risk, he noted. Builders will need to grant sufficient access to maintain productivity, but not so much that they set the stage for an “AI-powered debacle” down the road.

Enterprises also run the risk of AI-fed data leakage, likely from opportunistic agents accessing sensitive data from multiple sources and sharing it beyond originally intended purposes, Levy said. Agents are subject to “AI-ified cybersecurity risks,” such as prompt injection and instruction attacks that use hidden text in documents to autonomously execute remote commands.

Another issue is explainability; particularly in regulated industries, enterprises must be able to show traceability and justify why a certain action was taken and who signed off on it. Additionally, “longer-term reliance at this level will inevitably erode institutional knowledge as the human workers who originally crafted it are replaced by automation,” Levy cautioned.

This article originally appeared on CIO.com.