
Claude Code and runtime authorization: are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9059
Topic starter  

TL;DR: Claude Code can act outside intended boundaries if authorization is left to prompts and local configuration, with real developer reports showing file writes, path escapes, and pipeline changes; Gartner also expects over 40% of agentic AI projects to be cancelled by 2027 and 25% of enterprise breaches to trace back to AI agent abuse. Prompt-level trust is not a control plane, and enterprise IAM needs external enforcement for agent tool calls.

NHIMG editorial — based on content published by Cerbos: Claude Code security and runtime authorization for AI coding agents

By the numbers:

Questions worth separating out

Q: How should security teams control AI coding agents that can read files and run commands?

A: Security teams should treat AI coding agents as runtime subjects and enforce access outside the agent process.

Q: Why do AI coding assistants create a new authorization risk for IAM teams?

A: They turn access into a rapid chain of file reads, writes, and shell commands that can exceed the assumptions of human-paced review.

Q: What breaks when agent permissions are enforced only through prompts or local files?

A: What breaks is the enforcement boundary.

Practitioner guidance

  • Move agent authorization outside the agent process: Intercept every file, shell, and network-related tool call before execution, and evaluate it in an external policy engine that the agent cannot modify or bypass.
  • Centralise policy for all agent sessions: Remove permission logic from per-developer config files and keep it in versioned, testable policy managed by the platform team across the organisation.
  • Audit every tool decision centrally: Store allow and deny decisions with request context, timestamps, and outcome in a searchable audit log that compliance and security teams can review later.

What's in the full article

Cerbos' full article covers the operational detail this post intentionally leaves for the source:

  • How its HTTP hooks pattern intercepts Claude Code tool calls before they execute
  • How server-managed settings can push agent controls to every developer machine via MDM
  • How central policies in Cerbos Hub map role, path, and tool restrictions into real decisions
  • How observe mode logs agent behaviour before you turn on blocking rules

👉 Read Cerbos' analysis of Claude Code security and runtime authorization →

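As an added illustration of the three practitioner guidance points in the post above (external interception, central policy, central audit), and not code from Cerbos, Anthropic or the post's author: a small Python policy decision point that a PreToolUse-style hook can run before a tool call executes. It assumes an event of the shape {"tool_name": ..., "tool_input": {...}} with the file_path and command fields Claude Code's tools use, that exiting with status 2 blocks the call, and an AGENT_WORKSPACE environment variable; the policy values, the protected-path list and the sample events are constructed. It goes one step beyond the bullets: it parses shell pipelines so that a redirect into a workflow file is treated as a write, and it fails closed on tools and commands it cannot inspect.

```python
"""Policy decision point for AI coding-agent tool calls (added example, not
Cerbos' or Anthropic's code). Models a PreToolUse-style event as
{"tool_name": ..., "tool_input": {...}}; field names, the exit-2-blocks
convention and the AGENT_* environment variables are assumptions."""
import json
import os
import posixpath
import shlex
import sys
from dataclasses import dataclass
from datetime import datetime, timezone

REDIRECTS = (">", ">>", ">|", "&>", "<", "<<", ">&", "<&")
WRITE_REDIRECTS = (">", ">>", ">|", "&>")
SEPARATORS = (";", "|", "||", "&&", "&")


@dataclass(frozen=True)
class Policy:
    """Illustrative values (constructed); in production fetched from a central service."""
    workspace: str                      # the only tree the agent may touch
    protected: tuple = (".github/workflows", ".gitlab-ci.yml", "Jenkinsfile", ".git/hooks")
    egress_tools: frozenset = frozenset({"curl", "wget", "nc", "ncat", "ssh", "scp"})
    read_tools: frozenset = frozenset({"Read", "Glob", "Grep"})
    write_tools: frozenset = frozenset({"Write", "Edit", "MultiEdit"})


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str


def resolve(policy, path):
    """Normalised absolute path if it stays inside the workspace, else None.
    Lexical normalisation catches '..' escapes; on a live filesystem also apply
    os.path.realpath so a symlink cannot point outside the tree."""
    root = posixpath.normpath(policy.workspace)
    full = posixpath.normpath(path if path.startswith("/") else posixpath.join(root, path))
    return full if full == root or full.startswith(root + "/") else None


def check_path(policy, path, write):
    if not path:
        return Decision(False, "no path supplied")
    full = resolve(policy, path)
    if full is None:
        return Decision(False, f"path escapes workspace: {path}")
    rel = full[len(posixpath.normpath(policy.workspace)):].lstrip("/")
    # Pipeline definitions are read-only to the agent: a CI edit is a privilege change.
    if write and any(rel == p or rel.startswith(p + "/") for p in policy.protected):
        return Decision(False, f"write to protected pipeline path: {rel}")
    return Decision(True, "path inside workspace")


def split_pipeline(cmd):
    """Tokenise a shell line and split it into simple commands at ; | && ||."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    segments, cur = [], []
    for tok in lexer:                   # raises ValueError on unbalanced quotes
        if tok in SEPARATORS:
            if cur:
                segments.append(cur)
            cur = []
        else:
            cur.append(tok)
    if cur:
        segments.append(cur)
    return segments


def check_command(policy, cmd):
    try:
        segments = split_pipeline(cmd)
    except ValueError as exc:
        return Decision(False, f"unparseable command, failing closed: {exc}")
    for seg in segments:
        for i, tok in enumerate(seg[:-1]):          # a redirect target is a file write
            if tok in WRITE_REDIRECTS and not (d := check_path(policy, seg[i + 1], True)).allow:
                return d
        argv = []
        for tok in seg:
            if tok in REDIRECTS:
                break
            argv.append(tok)
        while argv and "=" in argv[0]:              # skip leading FOO=bar assignments
            argv.pop(0)
        if not argv:
            continue
        prog = posixpath.basename(argv[0])
        if prog == "sudo":
            return Decision(False, "privilege escalation via sudo")
        if prog in policy.egress_tools:
            return Decision(False, f"network egress tool: {prog}")
        if prog in ("sh", "bash", "zsh") and "-c" in argv:
            return Decision(False, "nested shell string cannot be inspected")
        if prog == "rm" and any(a == "--recursive" or (a.startswith("-") and not a.startswith("--")
                                and "r" in a.lower()) for a in argv[1:]):
            return Decision(False, "recursive delete")
        if prog == "git" and "push" in argv and any(a in ("-f", "--force") or
                                                    a.startswith("--force-with-lease") for a in argv):
            return Decision(False, "force push rewrites shared history")
    return Decision(True, "command within policy")


def evaluate(policy, event, audit):
    """Decide one tool call and append an audit record; unknown tools are denied."""
    tool = event.get("tool_name", "")
    inp = event.get("tool_input") or {}
    if tool in policy.read_tools:
        d = check_path(policy, inp.get("file_path") or inp.get("path") or policy.workspace, False)
    elif tool in policy.write_tools:
        d = check_path(policy, inp.get("file_path", ""), True)
    elif tool == "Bash":
        d = check_command(policy, inp.get("command", ""))
    else:
        d = Decision(False, f"tool not covered by policy: {tool or '<none>'}")
    audit.append({"ts": datetime.now(timezone.utc).isoformat(), "tool": tool, "input": inp,
                  "decision": "allow" if d.allow else "deny", "reason": d.reason})
    return d


def hook_main(policy):
    """Entry point when wired as a hook command: the event arrives as JSON on stdin."""
    audit = []
    d = evaluate(policy, json.load(sys.stdin), audit)
    with open(os.environ.get("AGENT_AUDIT_LOG", "agent-audit.jsonl"), "a") as fh:
        fh.write(json.dumps(audit[-1]) + "\n")      # ship to the central log in production
    if not d.allow:
        print(d.reason, file=sys.stderr)            # exit 2 blocks the call (assumed)
        sys.exit(2)


if __name__ == "__main__":
    hook_main(Policy(workspace=os.environ.get("AGENT_WORKSPACE", os.getcwd())))
```

Wired as the command of a PreToolUse hook, every Bash, Read, Write and Edit call passes through evaluate() before it runs; the audit record it writes is the raw material for the central log the guidance asks for. Replacing the hardcoded Policy with one fetched from a central service is the step that takes enforcement out of the developer's own config file, and the fail-closed default on unknown tools is what keeps a newly added tool from silently bypassing the check.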
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8498
 

Prompt-level permission is not a governance model: This article shows that an AI coding assistant can reinterpret or bypass the very boundaries it is supposed to respect. That is not a usability issue; it is a control-plane failure. Access review, local instructions, and user vigilance assume the subject will remain inside declared scope. Practitioners should treat agent tool use as externally governed runtime access, not self-enforced etiquette.

A few things that frame the scale:

  • By 2028, Gartner expects 25% of enterprise breaches will be traced back to AI agent abuse, according to LLMjacking: How Attackers Hijack AI Using Compromised NHIs.
  • Across our secrets research, the average estimated time to remediate a leaked secret is 27 days, even though 75% of organisations express strong confidence in their secrets management capabilities.

A question worth separating out:

Q: Who should own governance for AI coding agents in an enterprise?

A: The platform or security team should own it, because the controls need to apply consistently across users and devices. Governance must cover role-based access, file-path restrictions, command policy, and central audit logging so that individual developers cannot quietly widen agent permissions.

👉 Read our full editorial: Claude Code needs external authorization, not prompt-level trust
