Does Your Company Have an AI Framework? Here's Why You Should.

Meet Bob. Bob's one of the good guys. The ultimate team player, helpful to all, always doing right by the company, genuinely wanting the best for his department and the organisation.

Known as the "tech-savvy" one in the team, Bob prided himself on staying current with AI: LLMs, image generators, productivity tools. He was particularly excited about OpenClaw, the most talked-about AI agent of 2026, clocking over 145,000 GitHub stars and becoming the fastest-growing repository in GitHub history. An always-on autonomous agent that could access his emails, folders and calendars, saving him 10–15 hours a week on collating reports, managing trackers, and clearing routine email enquiries through a WhatsApp chat channel on his phone.

The catch: for OpenClaw to run effectively, it needed an always-on computer. Bob looked at his rarely used but perfectly capable desktop PC, didn't think twice, and installed.

He gave it simple instructions: "Review my email inbox, organise items into folders, open file attachments and collate into a weekly summary."

OpenClaw was, unfortunately, a bit too effective. It studied Bob's email behaviour, noticed he was meticulously organised and never left anything unread, and decided to replicate that efficiency at scale. What Bob didn't know was that once the agent's context window filled up under the volume of a real inbox, it compressed its memory to keep running. In that compression, his original instructions were lost entirely. OpenClaw no longer remembered it was supposed to ask first. It just knew it needed to be efficient. So it deleted.

Sounds fanciful? This is almost exactly what happened to Summer Yue, Director of Alignment at Meta's Superintelligence Labs, just yesterday. She had OpenClaw working beautifully on a test inbox for weeks. She pointed it at her real inbox, same instructions. The agent hit a context compaction event, forgot her "confirm before acting" rule, and proceeded to speedrun deleting her emails. She couldn't stop it from her phone. She had to physically run to her Mac Mini to kill the processes. "Nothing humbles you like telling your OpenClaw 'confirm before acting' and watching it speedrun deleting your inbox," she posted on X. "I had to RUN to my Mac mini like I was defusing a bomb."

The question it raises is uncomfortable: if a well-meaning employee accidentally destroys company IP, or an AI tool generates false information that goes out to external stakeholders, who carries the can? The employee? IT? Management? Legal? All four, pointing at each other across a very expensive conference call?

If you asked most companies right now whether they have an AI governance framework, the honest answer would be no. Not because they haven't thought about it, but because the tools arrived faster than the policies. That gap is closing. By the end of this year, most organisations will have implemented some form of governance policy, if only because an incident like Bob's will have forced the issue.

Getting started does not require a 40-page document and a steering committee. It requires three things: a clear inventory of which AI tools are actually being used across the business (you will be surprised), a plain-language Statement of Intent outlining what is and is not acceptable use, and a basic org chart of who is responsible when something goes wrong.

Bob, for his part, learned all of this the hard way. He is still a good guy. He just reads the documentation first now.