Attorney Jonathan Armstrong on Governance, Due Diligence and Shadow AI Risk
The rapid adoption of agentic artificial intelligence tools is exposing new governance challenges for security leaders. The OpenClaw case, which enabled AI agents to move between applications using shared credentials, has raised concerns about how experimental tools are deployed inside organizations.
One of the biggest risks is that these technologies are often introduced without the knowledge of security or compliance teams, said Jonathan Armstrong, partner at Punter Southall Law. He cautioned that developers and employees may be experimenting with tools that connect to enterprise systems before proper oversight or review is in place.
“Nearly always, nobody at the top of the organization, nobody in the CISO’s team, nobody in the compliance team, nobody in legal team knows that it’s happening,” Armstrong said.
The spread of experimental AI tools also means organizations may need to rethink how they assess technology risk. Many AI platforms are built by small start-up firms or individual developers, yet companies adopt the technology without the same scrutiny applied to traditional vendors.
“For a lot of companies, they’re going to have to look at risk in a different way than they usually consider,” he said.
In this video interview with Information Security Media Group, Armstrong discussed:
- How OpenClaw allows AI agents to move across systems using centralized credentials;
- How shadow AI experimentation can expose organizations to hidden risks;
- Why companies may need new governance and due diligence models for AI tools.
Armstrong is a lawyer specializing in compliance and technology. He is regarded as one of the foremost cybersecurity experts and is active in advising clients on GDPR compliance and AI risks and opportunities.

