The Enterprise Press Release Is the Fad Signal

There is a reliable clock you can set by in AI, and it goes: nerds, newbs, everyone, enterprise.

OpenClaw hit 180,000 GitHub stars and two million visitors in a single week. Peter Steinberger got poached by OpenAI. Microsoft published a security blog about it. CrowdStrike published a security blog about it. RunLayer - a startup that sells a governance layer for AI agents - just announced "secure OpenClaw agentic capabilities for large enterprises," complete with ToolGuard, zero-trust MCP scanning, and sub-100ms real-time blocking of curl | bash.

The clock has struck enterprise. You know what that means.

It means the thing is done being interesting. Not done being used - it'll be used for a decade, it'll show up in procurement conversations and compliance audits and SOC 2 reports. Gusto has it. Instacart has it. The thing will be fine. But the frontier has already moved, and the enterprise press release is the tombstone.

This is not a criticism of RunLayer, who are solving a real problem - turns out giving an open-source agent with no native sandboxing a master key to your SSH credentials and your Gmail is a bad security posture, something their engineer apparently demonstrated in 40 messages. Real product, real customers, genuine threat. Fine.

But the pattern is the point. Every time something gets a governance layer bolted on and a VentureBeat writeup with "for large enterprises" in the headline, some other thing is being born in a GitHub repo that hasn't hit a hundred stars yet.

AI agents for everyone is not the thing. It's the wrapper around the thing. The thing is whatever people are building with those agents when nobody's watching yet - and by the time RunLayer has a compliance tier for it, we'll be three cycles deep and calling this era quaint.