A “claw” is a personal AI agent that runs on your machine and autonomously executes tasks on your behalf. The term comes from OpenClaw, a hugely popular open-source project created by Austrian developer Peter Steinberger in November 2025. He joined OpenAI in February and OpenClaw now lives in an independent foundation.
The “magic” of OpenClaw is that it presents itself as a fully autonomous agent you can connect to almost any software or data you have access to. It stores your preferences, memory, and behavioral instructions. You interact with it through Slack, WhatsApp, Telegram, iMessage, or any of 50+ messaging platforms. The agent reads your email, manages your calendar, runs shell commands, browses the web, and executes scheduled tasks around the clock.
OpenClaw instantly spawned an ecosystem of alternatives, each making a different bet on the capability-versus-safety tradeoff. NanoClaw delivers the same core functionality in a codebase you can read in eight minutes, with agents running inside actual Linux containers for OS-level security isolation. Nanobot achieves similar results in roughly 4,000 lines of code. IronClaw focuses on WebAssembly sandboxing. Anthropic shipped Claude Cowork, a first-party desktop agent built on the same Agent SDK, which Bloomberg reported triggered a $285 billion SaaS stock selloff.
The collective noun for all of these is “claws.”
Three distinct deployment models have emerged: one claw per human, one claw per function, and claw teams. Let’s explore.
One Claw Per Human
The simplest approach assigns a persistent AI agent to every employee. Each agent knows that person’s email, calendar, files, and preferences. It drafts responses, schedules meetings, summarizes documents, and executes routine workflows on their behalf.
Anthropic’s Cowork product fits here. So does a standard OpenClaw deployment configured for a single user. The appeal is maximum personalization.
Based on my own use of OpenClaw and NanoClaw, running a full proactive assistant on Claude Opus 4.5/4.6 costs $300 to $500 per month. So, a 500-person organization faces $150,000 to $250,000 in monthly compute costs before anyone writes a line of governance policy. Sadly, the attack surface scales linearly. Each agent holds persistent credentials for email, file systems, and internal tools. SecurityScorecard’s STRIKE team identified over 135,000 OpenClaw instances exposed to the public internet as of February 2026. Microsoft’s security blog stated that OpenClaw “should be treated as untrusted code execution with persistent credentials” and recommended it be deployed “only in a fully isolated environment” rather than on a standard personal or enterprise workstation.
The per-employee model maximizes capability and maximizes risk in equal measure. I can see cases where it makes sense for senior leadership teams of 10 to 20 people with dedicated IT support. The economics can work for broad deployments, but senior leadership really needs to lean into the concept of human/ai coworker teams.
One Claw Per Function
This model treats a claw as a sophisticated, well-connected, task-specific agent or agentic workflow. A customer support claw handles ticket triage and response. A sales development claw qualifies leads, drafts outreach, and updates the CRM. A content production claw manages the editorial pipeline. A code review claw audits pull requests.
This mirrors the evolution from monolithic applications to microservices, applied to reasoning systems instead of APIs. One agent verifies identity. Another evaluates risk. A third routes approvals. Together they manage end-to-end processes through events and APIs.
The economics work better. Instead of 500 agents at $500 per month each, you deploy 8 to 12 functional agents with tighter governance. Cost drops by an order of magnitude. The governance surface shrinks because you control the scope, permissions, and credentials of each agent centrally.
The tradeoff is personalization. Functional agents won’t write in your personal style, they’ll write in keeping with the corporate style guide. This is a feature, not a bug.
KPMG’s Q4 2025 AI Pulse Survey found that 72% of organizations plan to deploy agents from trusted technology providers, and 75% cite security, compliance, and auditability as the most critical requirements. The per-function model is where most enterprise deployments will land first.
Claw Teams
The most architecturally ambitious approach deploys coordinated teams of specialized claws that collaborate on complex tasks. This is the pattern generating the most engineering discussion and the most creative implementations.
A content production team might run a Researcher that scans trends at 5 AM, a Writer that creates drafts at 8 AM, a Designer that generates visuals, a Reviewer that enforces brand standards, and a Publisher that posts to channels. Each claw has its own memory, workspace, and behavioral rules. They communicate through a shared database. One builder runs 40+ scheduled jobs across this pipeline daily on a single server.
The collaboration patterns follow established multi-agent research: supervisor (one coordinator routing to specialists), pipeline (sequential assembly line), parallel (simultaneous independent work), and swarm (fully autonomous peer-to-peer coordination). Ready-made kits provision specialized agents as a collaborative team using a single setup command.
As you can imagine, when this works, it really works. But as with all teams, you’re only as good as your weakest link. And the security issues multiply with the addition of each agentic team member.
The ClawHavoc supply chain attack (February 2026) planted over 1,184 malicious skills in OpenClaw’s ClawHub marketplace, roughly one in five packages in the ecosystem. Attackers targeted the agents’ persistent memory files, the Markdown documents that store long-term instructions and behavioral rules, to permanently alter how agents operate. A single compromised skill can rewrite an agent’s instructions and wait. In a multi-agent team, that poisoned agent passes tainted outputs to every agent downstream. Claw teams architecture requires you to secure each individual agent as well as the relationships between them.
An Agent By Any Other Name
We’ve entered a new stage in the evolution of agents and agentic workflows. You can dismiss “Claws” as just the new buzzword for the newest bright shiny object. That’s not what’s happening here. We are seeing deployments of extremely capable, self-improving agentic workflows that accomplish real world goals. The tools are primitive. The process is messy. More things going wrong than going right. But one thing is clear… claws, agents, or whatever they are ultimately called are going to change the way we work.
The tech will improve daily. You can count on it. So, gather your tech team and ask them to spin up a few good examples of each approach. You’ll learn more in a week of experimentation than a quarter of planning.
Author’s note: This is not a sponsored post. I am the author of this article and it expresses my own opinions. I am not, nor is my company, receiving compensation for it. This work was created with the assistance of various generative AI models.