'A hard no': Next wave of agentic AI upping the ante

For business leaders who are just getting a handle on chat-based tools like ChatGPT, the next wave of “agentic” products is upping the ante for employee privacy and organizational security. 

The latest tools hitting the market – such as OpenClaw and now Anthropic’s latest Claude feature – move beyond generating text and helping with discrete tasks. They can pilot a computer, follow chains of actions and interact directly with business systems and the outside world.  

For employers, that means a tool that used to live in a browser tab can now move into core processes, potentially taking over entire workflows — all while operating under an employee’s credentials. 

McGill University organizational behaviour professor Matissa Hollister says this kind of tech should be a “hard no” for workplace adoption. 

“These models have learned a lot about reasoning, have learned a lot about taking actions, can be surprisingly effective, but are not 100 percent reliable,” Hollister says. 

“It’s very, very widely agreed that it’s way too much of a security concern, especially on a work laptop.”  

Computer-controlling AI and security  

According to Hollister, the newly announced feature of Anthropic’s Claude bot is a “very clear response” to the earlier release and excitement around a similar app called OpenClaw. It’s also a reason to take the hype and promises with a grain of salt. 

“All these companies are now rolling out tools to try and be the first ones, or capture markets,” Hollister says. 

"It's very much clearly in response to that ‘OK, people seem to be excited about being able to control computers. Let's just do it. Because it's either us or it's OpenAI. We're going to beat them to it.’” 

OpenClaw’s “AI that actually does things” uses apps like WhatsApp and Telegram – “any chat app you already use” – to act as a personal assistant; it has been called the next ChatGPT. Hollister says Claude has deep pockets and a track record on its side, but that doesn’t mean less risk. 

Agents that can use email and other communicating apps can also interact with the real world, she warns, which opens the door for whole new categories of security risk, such as the ability for malicious actors to hide malware “that somehow the AI would see and interpret as instructions and start doing unintended things. And because they can act in the real world, that would be very dangerous.”  

Hollister points to another vulnerability, centred around how Claude’s bot would move a cursor and type on a computer screen: “It's continuously taking screenshots. It's literally seeing your screen and seeing where it is to find [the cursor].” 

This functionally gives the software the ability to “navigate the user interface” and to open and use any app, creating obvious problems for privacy and security. 

“One of the things people have pointed out is that means that in those screenshots, it'll capture anything you have open on your computer, and that will be incorporated into the screenshot,” Hollister says.  

“Maybe you have your bank open, and it'll capture your bank information. The chances that it will do something with that are low, but not impossible.” 

Security measures: hard walls around experimentation 

Considering the risks, the immediate question for HR and IT leaders is not just whether these tools are interesting or useful, but whether they belong on corporate machines at all; for Hollister the answer is “no”, with not much room for experimentation.  

Referencing examples from China where adoption of OpenClaw has been more widespread than in the U.S. and Canada, Hollister says that when employers want to allow for innovation and testing of new tech by employees, there needs to be literal, physical hard boundaries. 

“You have your personal computer, and then you have your computer that's running this tool, and that's a way to be careful that it doesn't start affecting things that you actually care about or [show] personal information,” she says. 

“People are apparently setting up… Mac Minis, because they're affordable little computers, and they're deploying it on that instead, to get all the functionality and reduce the risk.” 

If AI does the work, who is the worker? 

There is a tug-of-war emerging between worker and employer as tasks, roles and ownership are shuffled with each new AI iteration that hits the market and the workplace – it’s a battle Hollister says must be resolved by give on both sides, including workers.  

“The expectation [is] they will continue to get credit for all of that work, get paid for all of that work. They have to continue to demonstrate where their role has value and creates that work,” she says. 

“One of the dangers is if the computer can do it really well, it may not be your work anymore, right? Not only is it not your work, intellectual-property wise, but at some point your employer doesn't need you anymore.” 

As Hollister puts it, the task at hand for employers is to ensure employees are not losing responsibility for their own work as they offload more and more tasks to handy AI tools. There have been plenty of reports already about managers lamenting the “workslop” of their teams as quality slides and accountability seemingly goes out the window. 

“On the other hand,” she adds, “employers have to think about what kinds of pressures they're putting on workers.” 

How the organization is set up, the culture, the messaging around values, are going to dictate how employees use any AI tool; strong focus on efficiency, speed, quantity over quality, coupled with competitive or stressful workloads, will lead to workers leaning hard on AI to get work done faster, and they’ll be less likely to spend time double-checking their work.  

“Is there such high demand on these people for their work that they feel like they have no choice but to just hand in the AI-generated output, because it's the only way that they can accomplish what they've been asked to do?” Hollister says. 

“If the focus is only on efficiency and output, that's going to invite workers to use these tools solely for efficiency and output, just doing things faster, and I think that's a risk as well.”