
The end of 'shadow AI' at enterprises? Kilo launches KiloClaw for Organizations to enable secure AI agents at scale | VentureBeat

In Kilo’s vision, every employee eventually carries two identities—their standard human account and a corresponding bot account, such as scott.bot@kiloco.ai.


Credit: VentureBeat made with Google Gemini 3.1 Pro Image


As generative AI matures from a novelty into a workplace staple, a new friction point has emerged: the "shadow AI" or "Bring Your Own AI (BYOAI)" crisis. Much like the unsanctioned use of personal devices in years past, developers and knowledge workers are increasingly deploying autonomous agents on personal infrastructure to manage their professional workflows.

"Our journey with KiloClaw has been to make it easier and easier and more accessible to folks," says Kilo co-founder Scott Breitenother. Today, the company dedicated to providing a portable, multi-model, cloud-based AI coding environment is moving to formalize this "shadow AI" layer: it's launching KiloClaw for Organizations and KiloClaw Chat, a suite of tools designed to provide enterprise-grade governance over personal AI agents.

The announcement comes at a period of high velocity for the company. Since making its securely hosted, one-click OpenClaw product for individuals, KiloClaw, generally available last month, more than 25,000 users have integrated the platform into their daily workflows.

Simultaneously, Kilo’s proprietary agent benchmark, PinchBench, has logged over 250,000 interactions and recently gained significant industry validation when it was referenced by Nvidia CEO Jensen Huang during his keynote at the 2026 Nvidia GTC conference in San Jose, California.

The shadow AI crisis: Addressing the BYOAI problem

The impetus for KiloClaw for Organizations stems from a growing visibility gap within large enterprises. In a recent interview with VentureBeat, Kilo leadership detailed conversations with high-level AI directors at government contractors who found their developers running OpenClaw agents on random VPS instances to manage calendars and monitor repositories.

"What we’re announcing on Tuesday is KiloClaw for organizations, where a company can buy an organization-level package of KiloClaws and give every team member access," explained Kilo co-founder and head of product and engineering Emilie Schario during the interview.

"We can't see any of it," the head of AI at one such firm reportedly told Kilo. "No audit logs. No credential management. No idea what data is touching what API".

This lack of oversight has led some organizations to issue blanket bans on autonomous agents before a clear strategy on deployment could be formed.

Anand Kashyap, CEO and founder of data security firm Fortanix, told VentureBeat without seeing Kilo's announcement that while "OpenClaw has taken the technology world by storm... the enterprise usage is minimal due to the security concerns of the open source version."

"In recent times, NVIDIA (with NemoClaw), Cisco (DefenseClaw), Palo Alto Networks, and Crowdstrike have all announced offerings to create an enterprise-ready version of OpenClaw with guardrails and governance for agent security. However, enterprise adoption continues to be low.

"Enterprises like centralized IT control, predictable behavior, and data security which keeps them compliant. An autonomous agentic platform like OpenClaw stretches the envelope on all these parameters, and while security majors have announced their traditional perimeter security measures, they don't address the fundamental problems of having a reduced attack surface. Over time, we will see an agentic platform emerge where agents are pre-built and packaged, and deployed responsibly with centralized controls, and data access controls built into the agentic platform as well as the LLMs they call upon to get instructions on how to perform the next task. Technologies like Confidential Computing provide compartmentalization of data and processing, and are tremendously helpful in reducing the attack surface."

KiloClaw for Organizations is positioned as the way for the security team to say "yes," providing the visibility and control required to bring these agents in-house.

It transitions agents from developer-managed infrastructure into a managed environment characterized by scoped access and organizational-level controls.

Technology: Universal persistence and the "Swiss cheese" method

A core technical hurdle in the current agent landscape is the fragmentation of chat sessions.

During the VentureBeat interview, Schario noted that even advanced tools often struggle with canonical sessions, frequently dropping messages or failing to sync across devices.

Schario emphasized the security layer that supports this new structure: “You get all the same benefits of the Kilo gateway and the Kilo platform: you can limit what models people can use, get usage visibility, cost controls, and all the advantages of leveraging Kilo with managed, hosted, controlled KiloClaw”.

To address the inherent unreliability of autonomous agents—such as missed cron jobs or failed executions—Kilo employs what Schario calls the "Swiss cheese method" of reliability. By layering additional protections and deterministic guardrails on top of the base OpenClaw architecture, Kilo aims to ensure that tasks, such as a daily 6:00 PM summary, are completed even if the underlying agent logic falters.

This is critical because, as Schario noted, “The real risk for any company is data leakage, and that can come from a bot commenting on a GitHub issue or accidentally emailing the person who’s going to get fired before they get fired”.

Product: KiloClaw Chat and organizational guardrails

Traditionally, interacting with an OpenClaw agent required connecting to third-party messaging services like Telegram or Discord—a process that involves navigating "BotFather" tokens and technical configurations that alienate non-engineers.

“One of the number one hurdles we see, both anecdotally and in the data, is that you get your bot running and then you have to connect a channel to it. If you don’t know what’s going on, it’s overwhelming,” Schario observed.

“We solved that problem. You don’t need to set up a channel. You can chat with Kilo in the web UI and, with the KiloClaw app on your phone, interact with Kilo without setting an external channel,” she continued.

This native approach is essential for corporate compliance because, as she further explained, “When we were talking to early enterprise opportunities, they don’t want you using your personal Telegram account to chat with your work bot”. As Schario put it, there is a reason enterprise communication doesn't flow through personal DMs; when a company shuts off access, they must be able to shut off access to the bot.

Looking ahead, the company plans to integrate these environments further. “What we’re going to do is make Kilo Chat the waypoint between Telegram, Discord, and OpenClaw, so you get all the convenience of Kilo Chat but can use it in the other channels,” Breitenother added.

The enterprise package includes several critical governance features:

Identity Management: SSO/OIDC integration and SCIM provisioning for automated user lifecycles.

Centralized Billing: Full visibility into compute and inference usage across the entire organization.

Admin Controls: Org-wide policies regarding which models can be used, specific permissions, and session durations.

Secrets Configuration: Integration with 1Password ensures that agents never handle credentials in plain text, preventing accidental leaks.

Licensing and governance: The "bot account" model

Other security experts note that handling bot and AI agent permissions is among the most pressing problems enterprises are facing today.

As Ev Kontsevoy, CEO and co-founder of AI infrastructure and identity management company Teleport, told VentureBeat without seeing the Kilo news: "The potential impact of OpenClaw as a non-deterministic actor demonstrates why identity can’t be an afterthought. You have an autonomous agent with shell access, browser control, and API credentials — running on a persistent loop, across dozens of messaging platforms, with the ability to write its own skills. That’s not a chatbot. That’s a non-deterministic actor with broad infrastructure access and no cryptographic identity, no short-lived credentials, and no real-time audit trail tying actions to a verifiable actor."

Kilo is proposing to solve it with a major change in organizational structure: the adoption of employee "bot accounts".

In Kilo’s vision, every employee eventually carries two identities—their standard human account and a corresponding bot account, such as scott.bot@kiloco.ai.

These bot identities operate with strictly limited, read-only permissions. For example, a bot might be granted read-only access to company logs or a GitHub account with contributor-only rights. This "scoped" approach allows the agent to maintain full visibility of the data it needs to be helpful while ensuring it cannot accidentally share sensitive information with others.

Addressing concerns over data privacy and "black box" algorithms, Kilo emphasizes that its code is source available.

“Anyone can go look at our code. It’s not a black box. When you’re buying KiloClaw, you’re not giving us your data, and we’re not training on any of your data because we're not building our own model,” Schario clarified.

This licensing choice allows organizations to audit the resiliency and security of the platform without fearing their proprietary data will be used to improve third-party models.

KiloClaw for Organizations follows a usage-based pricing model where companies pay only for the compute and inference consumed. Organizations can utilize a "Bring Your Own Key" (BYOK) approach or use Kilo Gateway credits for inference.

The service is available starting today, Wednesday, April 1. KiloClaw Chat is currently in beta, with support for web, desktop, and iOS sessions. New users can evaluate the platform via a free tier that includes seven days of compute.

As Breitenother summarized to VentureBeat, the goal is to shift from "one-off" deployments to a scalable model for the entire workforce: "I think of Kilo for orgs as buying KiloClaw by the bushel instead of by the one-off. And we're hoping to sell a lot of bushels of KiloClaw".
