fleetdm · mike-j-thomas · Feb 18, 2026
diff --git a/articles/openclaw-open-for-work.md b/articles/openclaw-open-for-work.md
@@ -39,11 +39,11 @@ Prompt injections can also be indirect, meaning an autonomous agent may encounte
 
 ## Can device management help?
 
-The next article in this series will explore how threat hunting and device management with Fleet can help to secure OpenClaw or detect it to prevent its use.  
+The [next article](/articles/threat-hunting-ai-agents-like-openclaw-with-automated-tooling.md) in this series will explore how threat hunting and device management with Fleet can help to secure OpenClaw or detect it to prevent its use.  
 
 <meta name="articleTitle" value="OpenClaw: Open for work?">
 <meta name="authorFullName" value="Brock Walters">
 <meta name="authorGitHubUsername" value="nonpunctual">
 <meta name="category" value="articles">
 <meta name="publishedOn" value="2026-02-04">
-<meta name="description" value="An overview of OpenClaw, how it works, and the security risks of running autonomous AI agents on user devices.">
+<meta name="description" value="Part 1 of the OpenClaw series: An overview of OpenClaw, how it works, and the security risks of autonomous AI agents on user devices.">
diff --git a/articles/threat-hunting-ai-agents-like-openclaw-with-automated-tooling.md b/articles/threat-hunting-ai-agents-like-openclaw-with-automated-tooling.md
@@ -0,0 +1,144 @@
+# Threat hunting AI agents like OpenClaw with automated tooling
+
+AI-powered coding assistants, autonomous security agents, and extension-based development tools are transforming how engineering teams operate. But this innovation introduces a new category of shadow IT with significant security and compliance implications.
+
+For CTOs, CIOs, and CISOs, understanding and controlling this risk is now a board-level priority.
+
+## The challenge: multi-vector AI tool usage
+
+AI agents and extensions operate across multiple vectors:
+
+**Static artifacts** — Skills, plugins, configurations installed across user directories and repositories
+
+**Runtime processes** — Active AI tools executing code during development and workflows
+
+**Extension registries** — VSCode and IDE extensions that persist and execute automatically
+
+**Network communication** — Agents and tools communicating with external APIs, cloud services, and command and control infrastructure
+
+Traditional SIEM alerts rarely catch these activities because individual signals appear normal during development workflows.
+
+## Why it matters for enterprise
+
+### Security risks
+
+- **Data exfiltration:** Code, credentials, and proprietary IP sent to external AI providers
+- **Malicious code injection:** Skills and plugins with unauthorized execution capabilities
+- **Supply chain compromise:** Extension vulnerabilities and repo-manipulation attacks
+- **Autonomous threat actors:** Agents capable of autonomous code execution and persistence
+
+### Compliance and governance
+
+- **Policy violations:** Unauthorized AI tool usage against enterprise security requirements
+- **Audit trail blind spots:** Difficulty tracking AI-assisted development and code reviews
+- **Data classification gaps:** Uncontrolled sharing of sensitive information via AI interfaces
+- **Regulatory non-compliance:** Potential violations of data handling and privacy regulations
+
+## A defense-in-depth detection framework
+
+An effective detection strategy must combine multiple detection vectors:
+
+### 1. Filesystem and artifact detection
+
+AI tools often install persistent artifacts across user home directories and project repositories. Path-based queries scan for:
+
+- Configuration directories: `~/.claude/skills`, `~/.openclaw/skills`, `~/.gemini/skills`
+- Plugin registries: `~/.claude/.plugins`, `.vscode/extensions`
+- Repository-local skills: Project-specific `.claude/` directories
+
+This captures dormant threats that may not appear in process lists.
+
+### 2. Runtime process detection
+
+Active AI tools manifest as running processes with recognizable signatures:
+
+- Desktop applications: Claude Desktop, Cursor, Windsurf, LM Studio
+- CLI tools: GitHub Copilot CLI, Aider, Continue.dev
+- Autonomous agents: OpenClaw, Clawdbot, Moltbot, ollama
+
+Process monitoring combined with user context provides real-time visibility into tool usage.
+
+### 3. Extension and plugin detection
+
+IDE extensions and browser plugins can execute code even when parent applications are inactive:
+
+- VSCode extensions: GitHub Copilot, Claude, Cody, Continue.dev
+- Code completion providers: Windsurf, OpenClaw agents
+- Browser extensions for AI integration
+
+Extension catalogs provide version metadata for vulnerability correlation and attack surface analysis.
+
+### 4. Network and communication monitoring
+
+AI agents communicate with cloud services, API endpoints, and local infrastructure:
+
+- External API calls to LLM providers (Anthropic, OpenAI, Google)
+- Local service bindings on non-standard ports
+- Command and communication infrastructure
+
+Network telemetry reveals who's talking to what, and when.
+
+## Strategic implementation for c-level governance
+
+### Detection architecture
+
+Effective threat hunting requires a layered approach:
+
+- **Static Analysis:** Periodic filesystem scans for installed artifacts
+- **Dynamic Monitoring:** Continuous process and network telemetry
+- **Compliance Integration:** Correlation with user authorization and data classification policies
+- **Vulnerability Tracking:** Version awareness for CVE correlation and patch management
+
+### Data and alerting strategy
+
+CISOs should define clear alerting thresholds:
+
+- **High-severity:** Unauthorized autonomous agents on non-compliant systems, exposed listening ports, credential access attempts
+- **Medium-severity:** Unknown AI tool usage, unexpected process starts, suspicious command-line arguments
+- **Low-severity:** Novel AI tool installations, unexpected file changes in AI configuration directories
+
+Rely on contextual correlation rather than single-sign alerts. An AI tool run by an authenticated developer performing authorized development work may generate multiple signals. Alerting should prioritize unusual patterns or violations of access controls.
+
+### Response and governance
+
+When AI tool violations are detected:
+
+- **Immediate:** Disable unauthorized tools, isolate infected systems, preserve forensic evidence
+- **Investigative:** Trace user sessions, correlate with network logs, document attack paths
+- **Corrective:** Update policy, revoke access, patch vulnerabilities
+- **Preventive:** Harden configurations, implement agent whitelisting, improve monitoring
+
+This sequence should be supported by clear evidence trails for audit and compliance purposes.
+
+### Measurement and reporting
+
+Board-level visibility requires focused metrics:
+
+- **Asset coverage:** Percentage of endpoints with AI tool detection enabled
+- **Alert volume:** High/medium/low severity alerts prioritized by business risk
+- **Incident response time:** Average time to detect and address AI-related security events
+- **Policy compliance rate:** Percentage of endpoints in compliance with AI tool usage policy
+- **Vulnerability exposure:** Number of extension and tool versions with known CVEs
+
+These metrics should be reviewed quarterly with the board and technical teams.
+
+## Moving forward
+
+AI and autonomous tooling is no longer optional for modern engineering teams. The question isn't whether to adopt these tools — it's how to govern them effectively.
+
+Organizations that implement detection frameworks now will be better positioned to:
+
+- Maintain security posture in an evolving threat landscape
+- Enable compliance with data protection and privacy regulations
+- Protect intellectual property and sensitive information
+- Make informed decisions about AI tool adoption and governance
+
+The time to establish control is before shadow AI tools become entrenched. With a comprehensive detection framework in place, leadership can enable innovation while maintaining visibility and control.
+
+
+<meta name="articleTitle" value="Threat hunting AI agents like OpenClaw with automated tooling">
+<meta name="authorFullName" value="Brock Walters">
+<meta name="authorGitHubUsername" value="nonpunctual">
+<meta name="category" value="articles">
+<meta name="publishedOn" value="2026-02-18">
+<meta name="description" value="Part 2 of the OpenClaw series: Detect and govern AI coding agents and extensions to reduce enterprise security and compliance risk.">