Microsoft is making its boldest bet yet on AI agents — and it involves OpenClaw, the open-source framework that's been both praised for its capabilities and criticized for its security risks.
The company has created a new team, led by former Microsoft Word chief Omar Shahine, to integrate OpenClaw into Microsoft 365 Copilot. If successful, this could transform how hundreds of millions of office workers use AI at work.
What's Actually Happening
OpenClaw is an open-source AI agent framework that functions as a virtual assistant running on your machine. It can manage files, send emails, browse the web, and automate workflows across the apps you already use.
Think of it as AI that doesn't just answer questions — it takes action on your behalf.
Microsoft's new "Ocean 11" team — deliberately small, each member a "force multiplier" — is tasked with bringing this capability into M365 Copilot. Shahine describes their mission clearly: build agents that operate 24/7/365 within Microsoft 365, continuously monitoring what you're doing, helping you plan your day, managing emails, and tackling action items autonomously.
"Not another chatbot. Not another tool that helps when you remember to ask. An always-on agent that works on your behalf, 24/7, with real access to your real life," Shahine wrote in a recent blog post.
The groundwork is already in place. M365 Copilot supports custom agents and workflows, Copilot Search provides AI-powered search across Microsoft and third-party apps, and the Researcher agent already uses multiple models simultaneously to improve accuracy. Microsoft even brought Anthropic's Claude Cowork technology into Copilot, enabling long-running, multi-step work that executes across apps and files over time.
An early preview may come at Microsoft Build 2026 in June.
The OpenClaw Ecosystem
OpenClaw has gained serious traction in the developer community. Its GitHub repository has more than 354,000 stars and has been forked over 70,000 times. There are now nearly 50,000 OpenClaw-related repositories on GitHub — far more than competing frameworks.
More than 44,000 skills are listed on ClawHub as of April 2026, and skill development is accelerating.
The enterprise world is paying attention. Tencent launched its own OpenClaw product suite last week. Alibaba Cloud, Moonshot, and Xiaomi have released supported apps. Nvidia built NemoClaw, an enterprise-grade security stack on top of OpenClaw, with Adobe, IBM's Red Hat, and Box expressing interest. Even Salesforce has acknowledged parallels between OpenClaw's architecture and its own agent development roadmap.
There's already a "fully integrated" plugin for Microsoft Teams, enabling users to interact with their OpenClaw agent via direct messages, group chats, or channels.
The Security Problem
But here's the issue: OpenClaw's power is also its vulnerability.
The framework has been flagged for security concerns because of how it handles data and access. After developer Gavriel Cohen saw his OpenClaw agent download all his WhatsApp messages insecurely, he created NanoClaw as a safer alternative. There are now at least four competing "Claw family" technologies, but OpenClaw currently has the most traction.
For Microsoft, the security concerns are real. Enterprise IT admins and business leaders won't fully buy in without confidence that agents can access systems safely and respect permission boundaries at scale.
The good news? Microsoft has the infrastructure and software to mitigate risks. The company has spent years building access permissioning, identity management, and security controls for enterprise environments. If anyone can make OpenClaw safe for enterprise deployment, it's Microsoft.
Why This Matters for Enterprise Leaders
This isn't just a developer curiosity anymore. If Microsoft succeeds, OpenClaw becomes the infrastructure layer for how hundreds of millions of office workers interact with AI.
Here's what that means for different stakeholders:
For CIOs and CTOs:
- Architecture decision: Do you build your own agent framework or adopt Microsoft's? This integration could make that decision for you if your organization is already on M365.
- Security posture: You'll need to evaluate whether Microsoft's implementation addresses OpenClaw's known vulnerabilities. Wait for Build 2026 to see the security model.
- Integration risk: OpenClaw's ability to work across apps means you'll need policies for what agents can and cannot access.
For CFOs and Business Leaders:
- Productivity ROI: 24/7 agents that handle email management, meeting scheduling, and action items could drive measurable efficiency gains — but only if employees actually adopt them and use them correctly.
- Cost of change: Unlike standalone tools, this is integrated into M365 Copilot. If you're already paying for Copilot (which Microsoft has struggled to monetize), this could finally justify the expense.
- Workforce implications: Autonomous agents that "lighten your load by taking on tasks end-to-end" will change how work gets done. HR and operations leaders need to think about training, adoption, and role redefinition.
For CTOs in Vendor Selection:
- Lock-in risk: Microsoft is betting that Copilot + OpenClaw becomes the standard for enterprise AI agents. If they win, switching costs go up significantly.
- Ecosystem play: This move signals that Microsoft sees agents as the next platform layer, not just a feature. Your vendor evaluation process should account for this.
The Broader Context
Microsoft's OpenClaw bet comes as the company faces pressure to prove that Copilot is worth the investment. Despite strong technical capabilities, Microsoft has struggled to get enterprise customers to pay for Copilot at scale.
This is the company's answer: move from "AI that helps when you ask" to "AI that works on your behalf, all the time."
It's also a defensive move. If enterprises start building their own agent frameworks or adopting third-party alternatives, Microsoft risks losing control of the productivity layer it has dominated for decades.
What to Watch
- Build 2026 (June, San Francisco): Expect the first public preview and details on the security model.
- IT admin feedback: Watch for early adopter reports on how OpenClaw integration handles permissions, data access, and compliance requirements.
- Competing frameworks: Will Salesforce, Google, or other enterprise players adopt OpenClaw, build their own, or double down on proprietary agent systems?
- Security incident reports: Any major security breach involving OpenClaw could derail enterprise adoption — even if it's not Microsoft's implementation.
The Bottom Line
Microsoft is all-in on agents, and OpenClaw is the vehicle. If the company solves the security problem, this could be the moment that AI agents move from "interesting demo" to "default way of working" for enterprise employees.
But the security concerns are real, and enterprises won't adopt agents that create new vulnerabilities just to save time on email.
For now, the smart move is to watch Build 2026, evaluate the security model when it's public, and prepare your IT and business teams for a world where AI agents are always on — and always working.
Sources:
