Securing OpenClaw Access So It Can't Go Rogue

In this video, we demonstrate how to securely grant an AI agent (OpenClaw) access to Teleport-protected Kubernetes resources using Teleport Machine Identity and tbot, without exposing secrets, API keys, or long-lived tokens.

You’ll see how Teleport treats AI agents as first-class identities, enforcing strict RBAC controls so the agent can only do what it’s allowed to do, like reading logs, while being blocked from sensitive actions like deleting resources or accessing secrets.

This approach enables AI agents to operate autonomously while staying fully secured, audited, and governed.

Mentions:

• AI agents with Machine and Workload Identity guide - https://goteleport.com/docs/machine-workload-identity/use-cases/ai-agents-mwi/
• Try Teleport Enterprise Cloud for free: https://goteleport.com/signup
• Deploy Teleport Community Edition - https://goteleport.com/docs/get-started/deploy-community/
• Running tbot on Mac instead? Check this - https://github.com/gravitational/teleport/discussions/65192
• Secure and Access OpenClaw with Teleport guide - https://goteleport.com/docs/enroll-resources/application-access/protect-apps/openclaw/
• Join our community Slack - https://goteleport.com/community-slack/

#openclaw #teleport #aiagents