At NVIDIA GTC, after calling OpenClaw the most successful open-source project in history, Jensen Huang said that every single enterprise company and every single software company in the world needs an agentic strategy, and specifically needs an OpenClaw strategy. Here’s what he means.
What a Claw Is
Strip away the branding and a “claw” is a persistent AI agent that connects to your tools, data, and communication channels, then acts on your behalf. It has I/O (it talks to you through WhatsApp, Telegram, Slack, or Discord). It has memory (stored locally as files on your machine). It has scheduling (cron jobs that wake it up while you sleep). It has tool access (APIs, browsers, file systems, email, calendars). And it can spawn sub-agents to decompose complex tasks.
Jensen framed claws as an operating system for agentic workflows. Just as Windows made personal computers usable for nontechnical humans, OpenClaw makes personal AI agents usable for nontechnical humans.
He went on to show a prompt by Stefan Erschwendner, co-founder of an AI strategy firm. He connected OpenClaw to his father’s brewing equipment in Gelterkinden, Switzerland: “Connect to my Grainfather G30 brewing system over bluetooth. Make some lager, then build me a marketing strategy for it.” Erschwendner’s father, Gerhard, is a 68-year-old certified beer sommelier with four competition medals. He knew nothing about AI. The agent managed every temperature ramp and hop addition for a 90-minute boil of Amber Lager. Gerhard approved each step via text message. The claw suggested. The brewmaster decided. Welcome to the new world.
The Three-Tier Corporate AI Stack
Every conversation I have with Fortune 500 leadership teams about agentic AI ends up in the same place: questions about what to buy, what to build, and how to govern. Here is my suggested framework.
Tier 1: Tools. The building blocks. There are fewer true primitives here than most vendors want you to believe. A claw needs access to an AI model or models, and it needs tools: web search, code execution, file system access, browser control, database queries, API calls. That is roughly the complete list. “Tool calling” is the mechanism by which the system decides which tool to invoke, with what parameters, and in what sequence. Everything a claw does is a composition of these primitives. The tools themselves are commodities.
Tier 2: Skills. These are the repeatable workflows your people execute every day: writing proposals, analyzing financials, reviewing code, onboarding customers, monitoring compliance. Each of these tasks follows a pattern. That pattern can be encoded as a “skill,” a set of instructions an AI agent follows to perform a specific job function. Think of skills as the verbs of your enterprise.
OpenClaw’s marketplace already has thousands of community-built skills. Anthropic’s Claude platform offers a curated skills marketplace, private skill repositories for proprietary workflows, and a self-improving skill creator that lets you build new skills without writing code. OpenAI’s Frontier provides execution layers that connect agent skills to your existing business systems. This tier maps directly to the work your people do today. It’s the first place you’ll see measurable ROI.
Tier 3: Claws. Personal AI assistants. These can be general purpose or tied to specific job functions, with persistent context, tool access, and the authority to act. A claw is a skill stack with identity, memory, and agency.
The CFO’s claw and the junior analyst’s claw access different data, carry different permissions, and make different classes of decisions. This is the tier that changes the org chart. When every employee has a claw tuned to their job function, the calculus of headcount, span of control, and decision velocity shifts fundamentally. A senior executive with a well-configured claw can absorb work that previously required two direct reports. A new hire with the right claw has access to institutional knowledge on day one.
The SaaS Transformation
Jensen said every SaaS company will become “a GaaS” company, an agentic-as-a-service company. He is describing the SaaSpocalypse (the end of SaaS) from the supply side.
The demand side is worse for incumbents. If an AI agent on OpenAI’s Frontier platform can execute a complete sales workflow without a human ever logging into Salesforce, the per-seat license loses its economic justification. Constellation Research is already tracking “Agentic Enterprise License Agreements” as a pricing category.
Are you the tool the claw uses, or are you the claw?
If you are the tool, your pricing power collapses to API-call economics. If you are the claw, you own the customer relationship. Importantly, claws are extremely easy to build. You won’t be buying claws, you’ll be buying security services that help you manage and protect your agentic workforce.
This calculus is forcing SaaS companies that do not have network-effect or proprietary data moats to embed agents into their platforms at extraordinary speed. Salesforce has Agentforce. ServiceNow has agent workflows. Snowflake just announced Project SnowWork as a “control plane” for enterprise agents. The defensive plays are real, and they are expensive, and most of them will fail because they optimize for protecting the existing business model rather than serving the enterprise’s new operating model.
The Security Calculus
Here’s where we need to slow down. OpenClaw has eight critical or high-severity CVEs disclosed as of this month. Security researchers have found 42,665 exposed instances, 93% of them with authentication bypass. CrowdStrike built a dedicated detection capability for hijacked OpenClaw deployments. Nearly 900 malicious skills (roughly 20% of the registry) were distributing info-stealing malware before anyone caught them.
The attack surfaces are structural. An autonomous agent with access to your email, calendar, file system, and browser that can execute code and communicate externally is the most powerful attack vector any enterprise CISO has ever had to govern. Jensen said exactly that on stage, almost as a throwaway line: “Access sensitive information, execute code, communicate externally. Obviously, this can’t possibly be allowed.”
Three competing security philosophies are emerging. NVIDIA’s NemoClaw wraps OpenClaw in enterprise-grade sandboxing via OpenShell, with policy-based guardrails and a privacy router. Anthropic’s approach (Cowork Dispatch and Claude Code Channels) keeps processing local to your machine and restricts the ecosystem to Anthropic-approved plugins. NanoClaw, the leading open-source alternative, runs each agent in an isolated Linux container so that a compromised agent cannot touch the host system. None of these approaches has been proven at scale. Your CISO needs a claw security strategy before your CTO deploys the first claw.
When Personal Claws Meet Corporate Claws
Every knowledge worker will soon have one or more personal claws. Many already do. Your company will deploy corporate claws tied to enterprise systems, data governance policies, and compliance frameworks. These two systems are on a collision course.
The personal claw knows things (career plans, salary research, competitor conversations) that the corporate claw should never access. Then, when an employee leaves, what happens to the institutional knowledge their personal claw accumulated? Lastly, will HR be interviewing (and reviewing) humans or human/claw hybrid pairs? The best workers will come to work with their own armies of personal agentic coworkers. And that hybrid pair will be interacting with corporate AI.
This is a sociology problem, not a technology problem. HR, legal, and leadership teams need new frameworks for managing a workforce where every employee is inextricably linked to AI agents that act on their behalf (both inside and outside the corporate perimeter).
The Surveillance Tradeoff
Claws get better the more they know about you. A claw with access to your email, calendar, Slack messages, browsing history, file system, and location data will dramatically outperform a claw that only sees your to-do list. The performance curve is steep and the incentive is obvious: give the claw everything, get the most value.
That is surveillance by another name.
A company that deploys claws tied to employee email, internal communications, HR systems, and productivity tools will have a real-time, granular record of every decision, every draft, every hesitation, every deleted sentence. The claw needs that data to do its job. The company now has that data whether it intended to collect it or not. Every corporate claw will be a continuous monitoring system by default.
At the personal level, the tradeoff is even sharper. Your personal claw is most useful when it knows your health data, your financial data, your relationship patterns, your location history, your purchase behavior, all of it. The claw that books your travel, manages your calendar, filters your inbox, and reminds you to take your medication is also the claw that holds a comprehensive dossier on your entire life. You are building the most detailed surveillance profile ever assembled, and you are doing it voluntarily, because (supposedly) the productivity gain is too large to refuse.
Will employees submit to corporate claws that see everything? Some will, others will resist, and the resistance will create a two-tier workforce: those who grant full access and get 10x leverage, and those who restrict access and get a fraction of the value. That political dynamic will be ugly, and fast.
Will people tolerate this level of exposure in their personal lives? We already know the answer. We watched it play out with smartphones, with social media, with smart speakers in the kitchen. People trade privacy for convenience at every opportunity until a breach makes the cost visible. Claws will likely follow the same adoption curve, except the data surface is orders of magnitude larger.
Then there’s data sovereignty. Who owns the data your claw collects about you? If your corporate claw accumulates a year of institutional knowledge shaped by your decisions, that data will become corporate assets. If your personal claw holds your medical history and your employer’s claw can infer your health status from your combined behavioral patterns, who is liable? These are not hypothetical scenarios. They are the inevitable consequence of deploying always-on agents with broad data access.
This is a new and formidable leadership challenge. We’ll learn more as claws roll out at scale. What I can tell you now is this: every corporate claw deployment is a data governance decision disguised as a productivity initiative. Treat it accordingly.
Your Corporate Claw Strategy
“Every company needs a claw strategy.” Jensen said it about OpenClaw (and NVIDIA’s NemoClaw) specifically but the statement is platform-agnostic. If you are thinking about how to leverage claws (recursive, self-improving autonomous agentic workflows), please feel free to reach out. We’ve developed a process that will help you create and execute a best practices corporate claw strategy and a practical roadmap.
Every company needs a Claw strategy. Do you have one?
Author’s note: This is not a sponsored post. I am the author of this article and it expresses my own opinions. I am not, nor is my company, receiving compensation for it. This work was created with the assistance of various generative AI models.