As generative AI transitions from experimental tool to enterprise necessity, organizations face a familiar challenge: the rise of "shadow AI." Like the BYOD movement before it, employees are spinning up autonomous agents on personal infrastructure to handle work tasks—often without IT's knowledge or approval.
Kilo co-founder Scott Breitenother has watched this pattern unfold firsthand. "Our journey with Kilo Claw has been to make it easier and easier and more accessible to folks," he says. Now the company is formalizing that accessibility with KiloClaw for Organizations and KiloClaw Chat—a managed platform that brings personal AI agents under enterprise governance.
The timing reflects Kilo's momentum. Since launching its hosted OpenClaw product, KiloClaw, last month, the platform has attracted over 25,000 users. Meanwhile, the company's PinchBench agent benchmark has processed more than 250,000 interactions and earned a notable endorsement when Nvidia CEO Jensen Huang referenced it during his GTC 2026 keynote in San Jose.
When developers go rogue
The problem Kilo is solving became clear through conversations with enterprise AI leaders. One AI director at a government contractor discovered developers running OpenClaw agents on random VPS instances to automate calendars and monitor repositories—completely outside IT visibility.
"We can't see any of it," the director told Kilo. "No audit logs. No credential management. No idea what data is touching what API."
That opacity has pushed some organizations toward blanket bans on autonomous agents. Anand Kashyap, CEO of data security firm Fortanix, confirmed the pattern: "OpenClaw has taken the technology world by storm, but enterprise usage is minimal due to security concerns with the open source version."
Kashyap sees the market evolving rapidly:
"Recently, NVIDIA (with NemoClaw), Cisco (DefenseClaw), Palo Alto Networks, and Crowdstrike have all announced enterprise-ready versions of OpenClaw with guardrails and governance. But adoption remains low. Enterprises want centralized IT control, predictable behavior, and data security that keeps them compliant. An autonomous agentic platform like OpenClaw stretches the envelope on all these parameters. Over time, we'll see an agentic platform emerge where agents are pre-built, packaged, and deployed responsibly with centralized controls and data access controls built into both the platform and the LLMs. Technologies like Confidential Computing provide compartmentalization and are tremendously helpful in reducing the attack surface."
KiloClaw for Organizations aims to be that platform—giving security teams a way to say "yes" by moving agents from developer-managed infrastructure into a controlled environment with scoped access and organizational oversight.
Building reliability into unpredictable systems
One technical challenge Kilo addresses is session fragmentation. Co-founder and head of product Emilie Schario notes that even sophisticated tools struggle to maintain canonical chat sessions, frequently dropping messages or failing to sync across devices.
The organizational product layers security controls on top of that persistence. "You get all the same benefits of the Kilo gateway and platform: you can limit what models people can use, get usage visibility, cost controls, and all the advantages of leveraging Kilo with managed, hosted, controlled Kilo Claw," Schario explains.
To handle the inherent unpredictability of autonomous agents—missed cron jobs, failed executions—Kilo uses what Schario calls the "Swiss cheese method" of reliability. By stacking multiple protections and deterministic guardrails on the base OpenClaw architecture, the platform ensures critical tasks complete even when agent logic falters.
"The real risk for any company is data leakage," Schario warns. "That can come from a bot commenting on a GitHub issue or accidentally emailing the person who's going to get fired before they get fired."
Lowering the barrier to entry
While managed infrastructure solves the backend challenge, KiloClaw Chat tackles user experience. "Hosted, managed OpenClaw is easier to get started with, but it's not enough, and it still requires you to be at the edge of technology to understand how to set it up," Schario says. The question became: "How do we give people who have never heard the phrase OpenClaw or Clawdbot an always-on AI assistant?"
Traditionally, using OpenClaw meant connecting to third-party messaging platforms like Telegram or Discord—a process involving "BotFather" tokens and technical configurations that alienate non-engineers.
"One of the number one hurdles we see, both anecdotally and in the data, is that you get your bot running and then you have to connect a channel to it. If you don't know what's going on, it's overwhelming," Schario observes.
KiloClaw Chat eliminates that friction. "You don't need to set up a channel. You can chat with Kilo in the web UI and, with the Kilo Claw app on your phone, interact with Kilo without setting an external channel," she says.
The native approach also addresses compliance requirements. "When we were talking to early enterprise opportunities, they don't want you using your personal Telegram account to chat with your work bot," Schario notes. When a company needs to revoke access, they need to control the entire communication channel.
Looking forward, Kilo plans to bridge these environments. "What we're going to do is make Kilo Chat the waypoint between Telegram, Discord, and OpenClaw, so you get all the convenience of Kilo Chat but can use it in the other channels," Breitenother adds.
The enterprise package includes key governance features:
Identity Management: SSO/OIDC integration and SCIM provisioning for automated user lifecycles.
Centralized Billing: Full visibility into compute and inference usage across the organization.
Admin Controls: Organization-wide policies for model access, permissions, and session durations.
Secrets Configuration: Integration with 1Password ensures agents never handle credentials in plain text, preventing accidental leaks.
The bot account model
Security experts agree that managing bot permissions represents one of the most pressing enterprise challenges today.
Ev Kontsevoy, CEO and co-founder of AI infrastructure company Teleport, frames the stakes: "The potential impact of OpenClaw as a non-deterministic actor demonstrates why identity can't be an afterthought. You have an autonomous agent with shell access, browser control, and API credentials—running on a persistent loop, across dozens of messaging platforms, with the ability to write its own skills. That's not a chatbot. That's a non-deterministic actor with broad infrastructure access and no cryptographic identity, no short-lived credentials, and no real-time audit trail tying actions to a verifiable actor."
Kilo's solution involves a structural shift: employee "bot accounts." In this model, every employee maintains two identities—their standard human account and a corresponding bot account, such as [email protected].
These bot identities operate with strictly scoped, read-only permissions. A bot might access company logs or hold contributor-only rights to a GitHub repository. This approach gives the agent the visibility it needs to be useful while preventing it from accidentally sharing sensitive information.
On concerns about algorithmic opacity, Kilo emphasizes its source-available code. "Anyone can go look at our code. It's not a black box. When you're buying Kilo Claw, you're not giving us your data, and we're not training on any of your data because we're not building our own model," Schario clarifies.
That licensing choice lets organizations audit the platform's security without worrying their proprietary data will train third-party models.
Pricing and rollout
KiloClaw for Organizations uses usage-based pricing, charging only for consumed compute and inference. Organizations can bring their own API keys or use Kilo Gateway credits.
The service launches today, Wednesday, April 1. KiloClaw Chat is currently in beta, supporting web, desktop, and iOS. New users can test the platform with a free tier that includes seven days of compute.
As Breitenother puts it: "I think of Kilo for Orgs as buying KiloClaw by the bushel instead of one-off. And we're hoping to sell a lot of bushels of KiloClaw."
