Financial institutions are largely keeping OpenClaw, the fast-growing open-source AI agent platform, off of their corporate networks.
The move cuts across banks and credit unions, where compliance teams say the platform’s open-source architecture and broad system access create risks they cannot underwrite despite explosive consumer adoption, James White, vice president of growth and market strategy at fintech Engage Fi, told FinAi News.
What is OpenClaw?
OpenClaw is a self-hosted AI model that runs on a user’s own hardware and connects to messaging apps such as WhatsApp, Telegram and Slack to take real actions including sending emails, executing commands, controlling browsers or managing calendars, according to the company’s website.

Unlike closed-source models from OpenAI, Anthropic or Google Gemini — in which the vendor controls the code, data handling and security patching — OpenClaw runs on the user’s machine, with code anyone can inspect or modify, White said.
For developers, that means transparency and control, White said. For bank CISOs, it means an unvetted runtime with elevated system privileges sitting outside any vendor accountability chain.
Trust issues
“Banks and credit unions are very concerned about not having any NPI [non personal information] or PII [personal identifiable information] in any AI models,” White said. “Even just what you and I would consider not that sensitive, like a name and a home address is sensitive data for banks.”
White said he uses OpenClaw at home, but won’t touch it on his work machine.
“I’m not going to risk my organization with OpenClaw,” he said.
In late January, Moltbook, a social network built for OpenClaw agents, exposed roughly 35,000 email addresses and 1.5 million agent API tokens through a misconfigured backend, according to a March 10 research report from cyber security company Trend Micro.
At credit unions that have approved AI tools, the gate is high and OpenClaw doesnt make the list.
“Security is again the utmost importance,” said Tracy Ingram, chief technology officer at Achieva Credit Union, told FinAi News. “Our staff don’t have access to these tools through any of our Achieva systems, and the system will block any attempts of opening tools like OpenClaw.”
Industry prefers open-source models, but with guardrails
Despite OpenClaw’s major security flaws, the financial services industry prefers deploying open-source AI models, Kevin Levitt, global business development lead for financial services at Nvidia, previously told FinAi News, adding that 84% of FIs prefer open-source models.
That’s because open-source models have security guardrails, provide better accessibility,can be edited and are cost-effective, Levitt said.
“Banks companies do want open-source models over closed-source ones, but don’t want open-source models that expose them to security risks,” Jeff McMillan, founder of consultancy McMillanAI and former head of firmwide AI at Morgan Stanley, told FinAi News.
It is still early to tell what family of AI models will win, but the scales are tipping toward open-source models for now, he added.
Anthropic, the creator of Claude, temporarily banned users from connecting OpenClaw agents to its platform and lifted the ban last week only for users paying $200 a month.
“We’ve seen time and time again that the efficiency gains and the safety guardrails you need in these models can only really be achieved with closed-source models,” Nicholas Lin, head of product for financial services at Anthropic, told FinAi News.
“Especially for regulated industries and workflows that require safety auditability, our models perform better.”
At the same time, Mastercard is working to bring network-grade controls with open-source models to the ecosystem, Pablo Fourez, chief digital officer at Mastercard, told FinAi News.
In April, the payments company Crossmint announced plans for its open source model Lobster.cash to integrate Mastercard Agent Pay, initially for OpenClaw agents.
“Mastercard Agent Pay was built to bring trust and accountability to every agentic transaction,” Fourez said. “By integrating with Lobster.cash, we’re extending Mastercard’s trusted payments network and infrastructure to open agent platforms, enabling developers to innovate while ensuring consumers and issuers retain the same security and control they expect from Mastercard.”
Register here for the FinAi Lending Summit, set for Oct. 7-8 in Las Vegas.






