Strong take on hunting operating models instead of artifacts. The conviction chains around identity materialization make a lot of sense, especially when most teams are still thinking signature-first. I've been seeing similar patterns with credential sprawl once agentic tools land on endpoints they weren't scoped for.
Great write-up Demian!! To help contain OpenClaw to begin with, we open sourced an OpenClaw guardrails extension that uses policy as code to block/steer unwanted behavior and prevent things like rm -rf, sudo, or leaking secrets. More here:
https://securetrajectories.substack.com/p/openclaw-rm-rf-policy-as-code