VectorCertain LLC identified governance failures in the OpenClaw AI agent platform months before Cisco, Wiz, or OpenAI acted on security vulnerabilities that have since become public. The company analyzed every open pull request in the OpenClaw repository using its patented multi-model consensus technology, documented systemic security gaps, built a working governance integration, and offered OpenClaw creator Peter Steinberger a no-cost SecureAgent license to fix the problems, but received no response.
Joseph P. Conroy, Founder and CEO of VectorCertain, stated that instead of merely documenting issues, the company developed, tested, and offered the solution for free. He noted that Steinberger had publicly stated he would hire anyone who showed up with a solution instead of a complaint, yet VectorCertain's offer went unanswered. This silence preceded Cisco's blog post titled "Personal AI Agents like OpenClaw Are a Security Nightmare", which declared OpenClaw groundbreaking from a capability perspective but "an absolute nightmare" from a security perspective.
The timeline reveals VectorCertain's early action. In late January 2026, the company completed a full multi-model consensus analysis of OpenClaw's 3,434 open pull requests, identifying 341 malicious skills in the ClawHub ecosystem, documenting 42,900+ exposed internet-facing instances, and building a SecureAgent governance integration for OpenClaw's tools. Meanwhile, Wiz researcher Gal Nagli discovered that Moltbook—the Reddit-style social network where OpenClaw agents interact—had left its entire production database accessible to anyone, exposing 1.5 million API authentication tokens, 35,000 email addresses, and thousands of unencrypted private conversations. Wiz documented this exposure in their blog post "Hacking Moltbook: AI Social Network Reveals 1.5M API Keys".
Cisco's research validated VectorCertain's earlier analysis point by point, finding that a ClawHub skill called "What Would Elon Do?" returned nine security findings and was functionally indistinguishable from malware. Cisco identified systemic vulnerabilities VectorCertain had documented: agents running shell commands with high-level privileges, plaintext API keys stealable via prompt injection, and skills loaded from disk as untrusted inputs with no validation layer. Cisco's broader State of AI Security 2026 report found that 83 percent of organizations planned to deploy agentic AI but only 29 percent felt ready to secure it.
The Moltbook exposure represents a case study in what happens when AI agents are given social capabilities without governance infrastructure. Wiz found a Supabase API key exposed in client-side JavaScript that granted unauthenticated read and write access to the entire Moltbook production database. Row Level Security—a basic database protection—had never been configured, resulting in every API authentication token for every registered agent being accessible. Some conversations contained plaintext OpenAI API keys that agents had shared with each other.
OpenAI's acquisition of Promptfoo—a red-teaming and evaluation tool—represents a significant investment in AI security, but VectorCertain argues it addresses the wrong category. Promptfoo is a testing tool that discovers vulnerabilities, while VectorCertain's approach focuses on pre-execution governance that prevents unauthorized actions in real time. OpenAI announced this acquisition in their blog post "OpenAI to Acquire Promptfoo", while Promptfoo documented their transition in "Promptfoo Is Joining OpenAI".
The industry response validates VectorCertain's architecture while revealing a reactive pattern. Microsoft launched Agent 365, a control plane for monitoring and governing AI agents. Nvidia is preparing to announce NemoClaw, an open-source agent platform with built-in security tools. Kevin Mandia raised $189.9 million for Armadin, an autonomous cybersecurity agent startup. NIST launched an AI Agent Standards Initiative, described in its official announcement. The EU AI Act's high-risk enforcement deadline is August 2, 2026, with penalties up to €35 million or 7 percent of global turnover.
VectorCertain holds 55+ provisional patents spanning 11 industry verticals, with specific patent claims covering pre-execution governance evaluation, multi-model consensus for agent action validation, and multi-layer security gateway architectures for agent governance. The company's published book, "The AI Agent Crisis: How To Avoid The Current 70% Failure Rate & Achieve 90% Success," documented the systemic governance failures that recent headlines now confirm.


