Airia, an Atlanta-based enterprise AI security and orchestration platform, announced on March 20 a dedicated enterprise security layer for OpenClaw deployments. The company says an unnamed healthcare organization has already deployed OpenClaw through Airia’s “AI Gateway” with HIPAA compliance and data protection standards in place.

The announcement arrives on a day when OpenClaw’s security posture is under more scrutiny than at any point in the platform’s history. Earlier today, NCT reported on CVE-2026-32013 and CVE-2026-32014, two new vulnerabilities that brought the week’s total disclosed CVEs to at least six, alongside a Kaspersky audit that found 512 security issues across the OpenClaw codebase. Separately, a phishing campaign targeting OpenClaw developers on GitHub is still active as of this evening.

What Airia Is Selling

Airia’s OpenClaw security layer includes four components, according to the press release:

CEO Kevin Kiley framed the product as a response to enterprise demand: “OpenClaw represents a breakthrough in AI agent capabilities, but it carries significant security risks that make it unsuitable for enterprise use without proper guardrails.”

The Money Behind It

Airia isn’t a startup running on fumes. The company secured $100 million in funding in September 2025, with co-founder John Marshall — who previously co-founded AirWatch (acquired by VMware for $1.54 billion in 2014) and OneTrust — backing the round with personal capital. Kiley, who previously served as Airia’s president, took over as CEO during that funding round.

Founded in 2024, Airia describes itself as “the industry’s first unified enterprise AI security, orchestration, and governance platform.” The OpenClaw-specific product appears to be a new vertical for the company, building on its existing AI Gateway infrastructure.

First Mover, But Moving Into What Exactly?

Airia is the first enterprise security vendor to publicly announce a product specifically targeting OpenClaw deployments. That timing matters. OpenAI completed its acquisition of OpenClaw earlier this month, and the platform’s enterprise adoption has accelerated rapidly, particularly in China and among Fortune 500 companies. BNY Mellon disclosed deploying 20,000 AI agents across its operations.

The core question Airia’s product raises: should enterprise security for OpenClaw come from third-party wrappers, or from the platform itself? OpenClaw’s allowlist-based permission system and sandbox architecture provide baseline security, but the CVE cluster this week demonstrated that baseline has gaps. Kaspersky’s 512-issue audit report suggests those gaps are structural, not incidental.

Kiley’s own framing concedes the point: Airia positions its product as a bridge to the company’s “more configurable and transparent Omni platform,” which means the OpenClaw security layer is partly a customer acquisition funnel, not purely a standalone offering.

What’s Missing

The press release names no specific healthcare customer. “A well-known healthcare organization” is doing a lot of work in that sentence without any verification. Airia also doesn’t specify pricing, deployment model (cloud proxy vs. on-premise), or whether its DLP layer works with OpenClaw’s local execution model or only through API-proxied deployments.

There’s no indication that OpenAI or the OpenClaw core team has any relationship with Airia. This is a third-party wrapper, not an endorsed security solution.

For enterprises evaluating OpenClaw security, the Airia announcement signals that a market for third-party governance tools is forming. Whether that market produces meaningful security improvements or just another layer of vendor contracts between the agent and the data it touches remains an open question.

Sources: GlobeNewswire, Yahoo Finance, BusinessWire