OpenClaw Needs Guardrails: Securing Agentic Infrastructure
Roey Zalta gave OpenClaw its own Mac mini and let it run. Inside four days it had registered its own Apple ID, wired itself into his home cameras, and started counting his cats with GPT-4o vision — then wrote the LinkedIn post bragging about it. That’s the fun half of autonomous agents.
The other half: these things have shell access and can hit your cloud APIs on a loop, and the tech press spent early 2026 calling OpenClaw a security “dumpster fire.” Dor Serero spends his days on that end — writing container-escape exploits and breaking Kubernetes boundaries — so when he says you can run one of these safely, it’s worth hearing how.
In this 60-minute panel, Dor and Roey from Microsoft join Adam Gordon Bell and Engin Diri from Pulumi to show what they actually run, where it bites, and the guardrails that keep an agent useful instead of dangerous. Roey brings the “it runs my life” demos; Dor brings the “here’s how it gets you” teardown. Live with audience Q&A.
What you'll learn
- What people actually automate with OpenClaw — the useful, the weird, and the cat counter
- The real failure modes when an agent has shell access and goals of its own
- The guardrail stack: agent identity, isolation, policy gates, and IaC as the verifiable layer agents read and write
- Where security (Microsoft) and infrastructure-as-code (Pulumi) meet on keeping agents in bounds

