Should you let OpenClaw pen test your system? Plus: Cybersecurity for ephemeral software

Learn more about how enterprises confront agentic attacks →

https://newsroom.ibm.com/2026-04-15-ibm-announces-new-cybersecurity-measures-to-help-enterprises-confront-agentic-attacks

Sophos let OpenClaw run wild on its network (sort of). It wasn’t as bad an idea as it sounds!

With a few guardrails and restrictions in place, the security software firm turned OpenClaw into a serious little pen tester, surfacing “23 actionable, high-quality findings.”

But is this a sustainable model for introducing AI agents to the security process? And how do we deal with the inevitable friction between a model meant to find exploits and the guardrails telling it to do no harm?

This week, host Matt Kosinski and panelists Claire Nuñez, Dave McGinnis and Kimmie Farrington discuss the wisdom and folly of letting an AI agent pen test your system.

Plus: We dig into Bruce Schneier’s thoughts on “security in the age of instant software” and a report from CipherCue that ransomware is growing three times faster than security spending.

All that and more on Security Intelligence.

Segments:

00:00 – Intro

1:07 -- OpenClaw as a pen tester

14:23 -- Cybersecurity for instant software

25:36 -- Ransomware outpaces security spending

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Follow the Security Intelligence podcast on your preferred platform →

https://www.ibm.com/think/podcasts/security-intelligence