Should you let OpenClaw pen test your system? Plus: Cybersecurity for ephemeral software


DESCRIPTION

Sophos let OpenClaw run wild on its network (sort of). It wasn’t as bad an idea as it sounds! 


With a few guardrails and restrictions in place, the security software firm turned OpenClaw into a serious little pen tester, surfacing “23 actionable, high-quality findings.” 


But is this a sustainable model for introducing AI agents to the security process? And how do we deal with the inevitable friction between a model meant to find exploits and the guardrails telling it to do no harm? 


This week, host Matt Kosinski and panelists Claire Nuñez, Dave McGinnis and Kimmie Farrington discuss the wisdom and folly of letting an AI agent pen test your system. 


Plus: We dig into Bruce Schneier’s thoughts on “security in the age of instant software” and a report from CipherCue that ransomware is growing three times faster than security spending.  


All that and more on Security Intelligence.


Segments:

00:00 – Intro
1:07 – OpenClaw as a pen tester
14:23 – Cybersecurity for instant software
25:36 – Ransomware outpaces security spending

 

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. 

 

Learn more about how enterprises confront agentic attacks → https://newsroom.ibm.com/2026-04-15-ibm-announces-new-cybersecurity-measures-to-help-enterprises-confront-agentic-attacks 

Follow the Security Intelligence podcast on your preferred platform  → https://www.ibm.com/think/podcasts/security-intelligence