Running OpenClaw safely: identity, isolation, and runtime risk

Self-hosted agents execute code with durable credentials and process untrusted input. This creates dual supply chain risk, where skills and external instructions converge in the same runtime. As OpenClaw-like systems enter enterprises, governance and runtime isolation become critical.
The post Running OpenClaw safely: identity, isolation, and runtime risk appeared first on Microsoft Security Blog.

---

Research

February 19

12 min read

Running OpenClaw safely: identity, isolation, and runtime risk

By Microsoft Defender Security Research Team

[Image: Copilot logo]

---

[Original source](https://www.microsoft.com/en-us/security/blog/2026/02/19/running-openclaw-safely-identity-isolation-runtime-risk/)