New Zealand | OpenClaw Meets Microsoft: What Every IT Leader Needs To Know Right Now 

Join our community of 1,000+ IT professionals, and receive tech tips and updates once a week.

OpenClaw Meets Microsoft: What Every IT Leader Needs To Know Right Now 

New Zealand | OpenClaw Meets Microsoft: What Every IT Leader Needs To Know Right Now 

If you haven’t heard of OpenClaw yet, there’s a reasonable chance it’s already running on one of your corporate devices. 

That’s not hyperbole – it’s a finding backed by security vendors who reported OpenClaw activity on employee corporate devices in roughly 22% of monitored enterprise environments by early 2026 (directional estimate based on proprietary threat intelligence reported by multiple endpoint security vendors; a named public source for this specific figure was not available at time of publication, and readers should treat it as an indicative signal rather than a verified statistic). And with Microsoft formally embracing the framework at Build 2026 in June, the story just got a lot more consequential for CIOs, CTOs, and IT leaders everywhere. 

What Is OpenClaw? 

OpenClaw started as a weekend side project in November 2025, built by Austrian developer Peter Steinberger. Originally called Warelay, it was subsequently renamed through several iterations, including Clawdbot and Moltbot, before officially becoming OpenClaw. The concept is elegant in its simplicity: connect a large language model (think GPT, Claude, or Gemini) to your local machine, and let it execute shell commands, manage files, automate browsers, and interact with messaging platforms like Slack, WhatsApp, and Teams. 

Think of it as an “operating system for AI agents” – a local-first, model-agnostic framework that lets you delegate real tasks to AI, not just have conversations with it. 

The growth has been staggering. OpenClaw crossed 100,000 GitHub stars within weeks of its launch, surpassed React’s long-standing record of 243,000 stars by March 3, 2026, and has since climbed beyond 375,000 stars with over 78,000 forks. It became the fastest-growing open-source project in GitHub history. In February 2026, OpenAI recognised the momentum and hired Steinberger to lead its AI Agent infrastructure effort, with OpenAI’s leadership indicating OpenClaw would continue as an independent open-source foundation. 

This is not a niche developer toy. This is an infrastructure-level shift. 

What Microsoft Announced at Build 2026

At Build 2026 on 2 June 2026, Microsoft didn’t just acknowledge OpenClaw – it bet on it. Three announcements matter most for enterprise IT leaders: 

1. Microsoft Scout – OpenClaw for the Enterprise 

Microsoft unveiled Scout, an always-on AI agent built on OpenClaw’s open-source technology. Scout integrates natively with Teams, Outlook, OneDrive, SharePoint, and calendar – running continuously in the background to handle coordination work autonomously. It ships with enterprise-grade security controls and is currently available via Microsoft’s limited early-access preview, with wider enterprise preview expected in late 2026. Access currently requires enrollment in this early-access program; specific licensing prerequisites are available on the Microsoft Scout product page. 

TechCrunch’s coverage of the Scout launch captured the essential dynamic: Microsoft had effectively taken OpenClaw, wrapped it in enterprise security controls, and brought it to market as Scout. That framing is instructive, signalling that Microsoft is channelling the open-source momentum through the governance structures enterprises already operate. 

2. Microsoft Execution Containers (MXC) – Hardware-Level Agent Isolation 

Microsoft introduced MXC (Microsoft Execution Containers), now in preview, which provides OS-level sandboxed environments for AI agents. MXC separates an agent’s execution from the user’s desktop, clipboard, UI, and input devices – directly addressing classes of attacks that security researchers have flagged as particularly dangerous. OpenClaw now runs its node and gateway securely on Windows via MXC, and a new Windows companion app makes it straightforward to set up managed OpenClaw deployments. 

3. Agent 365 + Microsoft Security Stack Integration 

This is the piece that matters most for IT governance. Agent 365 (Microsoft’s new enterprise agent management layer) was announced at Build 2026 with enterprise security stack integration entering preview in July 2026, and is being woven deeply into Microsoft Defender, Intune, Purview, and Entra. What this means practically: 

  • Defender detects and blocks unsafe agent actions at the endpoint
  • Intune lets administrators apply policies to discover managed devices running OpenClaw and block common execution methods
  • Purview provides data exfiltration protections, compliance audit logging, and agentic risk detection – covering OpenClaw alongside Claude Code, GitHub Copilot, and OpenAI Codex 
  • Entra enforces network access and identity controls for agent sessions 
  • Agent Registry supports discovery of multiple types of local agents, including local MCP servers and coding agents 

A new Shadow AI page in the Microsoft 365 admin centre, enabled by Defender and Intune, gives IT teams a centralised view of local agent usage and the ability to limit unsanctioned execution paths – with OpenClaw as the initial supported agent. 

The integration of MXC with Agent 365 (available in preview from July 2026) promises immutable trust trails that record which model performed which action – a capability compliance teams have been waiting for. 

The Security Reality IT Leaders Cannot Ignore 

OpenClaw’s explosive growth came with a serious security shadow. By April 2026, researchers had catalogued a significant and rapidly growing number of CVEs. Among the most critical, a vulnerability disclosed in late January 2026 enabled one-click remote code execution via cross-site WebSocket hijacking (a class of attack that tricks a user’s browser into sending unauthorised commands to a locally running service). In March 2026, multiple CVEs were published in the span of four days alone, with a large volume of internet-exposed instances identified, a significant proportion of them vulnerable to remote code execution. The specific figures cited across vendor reports varied; readers are encouraged to consult the National Vulnerability Database and their preferred security vendor advisories for current counts and severity scores. 

Security researchers have labelled OpenClaw a serious risk for enterprise environments, with vendor advisories warning that it effectively grants root-level access to the operating system while adding the unpredictability of an AI model as an additional attack surface. 

The core enterprise problem is one of broad, persistent access to act on the user’s behalf across the operating system. OpenClaw operates close to the operating system and acts on the user’s behalf – shell access, file system, browser, credentials. Traditional security controls were not designed for this threat model. And because it installs in a single command and lives in the messaging tools employees already use, it proliferates without procurement approval or SOC visibility. 

Security vendors have confirmed employees are deploying OpenClaw on corporate devices with no approval process and connecting it to corporate email, Slack workspaces, and internal systems. That is shadow AI – and it has already arrived. 

How Should Organisations Be Thinking About This? 

The answer is not to ban OpenClaw wholesale. Blanket prohibition is unlikely to be effective at this stage of adoption, and typically drives usage underground rather than eliminating it. The strategic response is governance at speed. 

Here is how we recommend IT leaders frame their thinking: 

  • Audit before you act. Use Agent 365’s Shadow AI discovery capabilities to inventory where OpenClaw is already running in your environment. You cannot govern what you cannot see.
  • Treat agents as identity and access management problems. Each agent instance should carry a cryptographic identity, operate with scoped credentials, and be subject to the same access reviews as human users. MXC makes this technically achievable at the OS level.
  • Establish an agent policy framework now. Define which agent runtimes are approved, what data scopes they may access, and what actions require human-in-the-loop confirmation. Do this before Scout and similar tools move from early-access preview to general availability. This is precisely the governance work Insentra’s AI Momentum practice helps organisations structure.
  • Engage your security stack. If you are on Microsoft 365, the Defender, Intune, and Purview controls being released through June and July 2026 are directly designed for this moment. Enable them.
  • Don’t fear the technology – shape its adoption. OpenClaw and Scout represent a genuine productivity step-change for knowledge workers. Organisations that engage with them thoughtfully – rather than reactively blocking them – will build a competitive advantage. The goal is governed adoption, not prevention. 

The Bigger Picture 

Microsoft’s embrace of OpenClaw at Build 2026 is a signal worth taking seriously. After years of Copilot-first messaging, Microsoft gave stage time to an open-source agent framework that became popular precisely because it was not a Microsoft product. That is an unusual move – and it tells you how significant the shift toward agentic, local-first AI has become. 

The convergence of OpenClaw’s open-source momentum, OpenAI’s talent investment, and Microsoft’s enterprise security wrap means that autonomous AI agents are no longer a 2027 planning item. They are a June 2026 governance challenge. 

Insentra’s AI Momentum practice works with organisations to navigate exactly this kind of inflection point – helping IT leaders move from reactive discovery to confident, governed AI adoption. 

Ready to build your AI agent strategy before the defaults are set for you? Explore Insentra’s AI Momentum practice at AI Momentum  and subscribe to AI Pulse to stay current as this space moves fast. 

Hungry for more?

If you’re waiting for a sign, this is it.

We’re a certified amazing place to work, with an incredible team and fascinating projects – and we’re ready for you to join us! Go through our simple application process. Once you’re done, we will be in touch shortly!

Who is Insentra?

Imagine a business which exists to help IT Partners & Vendors grow and thrive.

Insentra is a 100% channel business. This means we provide a range of Advisory, Professional and Managed IT services exclusively for and through our Partners.

Our #PartnerObsessed business model achieves powerful results for our Partners and their Clients with our crew’s deep expertise and specialised knowledge.

We love what we do and are driven by a relentless determination to deliver exceptional service excellence.

New Zealand | OpenClaw Meets Microsoft: What Every IT Leader Needs To Know Right Now 

Insentra maintains ISO/IEC 27001:2022 and ISO/IEC 27701:2019 certifications

We are proud to announce that Insentra has successfully maintained its ISO/IEC 27001:2022 and ISO/IEC 27701:2019 certifications