TL;DR: Claude Code can act outside intended boundaries if authorization is left to prompts and local configuration, with real developer reports showing file writes, path escapes, and pipeline changes; Gartner also expects over 40% of agentic AI projects to be cancelled by 2027 and 25% of enterprise breaches to trace back to AI agent abuse. Prompt-level trust is not a control plane, and enterprise IAM needs external enforcement for agent tool calls.
NHIMG editorial — based on content published by Cerbos: Claude Code security and runtime authorization for AI coding agents
By the numbers:
- Gartner predicts over 40% of agentic AI projects will be canceled by the end of 2027 due to escalating costs, unclear value, or inadequate risk controls.
- By 2028, Gartner expects 25% of enterprise breaches will be traced back to AI agent abuse.
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases.
Questions worth separating out
Q: How should security teams control AI coding agents that can read files and run commands?
A: Security teams should treat AI coding agents as runtime subjects and enforce access outside the agent process.
Q: Why do AI coding assistants create a new authorization risk for IAM teams?
A: They turn access into a rapid chain of file reads, writes, and shell commands that can exceed the assumptions of human-paced review.
Q: What breaks when agent permissions are enforced only through prompts or local files?
A: The enforcement boundary breaks: a prompt or a per-developer config file sits inside the reach of the agent and the developer, so it cannot act as an independent control on what the agent does.
Practitioner guidance
- Move agent authorization outside the agent process: intercept every file, shell, and network-related tool call before execution, and evaluate it in an external policy engine that the agent cannot modify or bypass.
- Centralise policy for all agent sessions: remove permission logic from per-developer config files and keep it in versioned, testable policy managed by the platform team across the organisation.
- Audit every tool decision centrally: store allow and deny decisions with request context, timestamps, and outcome in a searchable audit log that compliance and security teams can review later.
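The three guidance points above (out-of-process interception, central policy, central audit) fit together as one small policy check, shown here as an added example that is not Cerbos' code and not Claude Code's own hook implementation. It assumes the agent hands each proposed tool call to an external hook as a JSON object with "session_id", "tool_name" and "tool_input" keys, that the policy dictionary is owned by the platform team rather than stored in the developer's workspace, and that the sample paths, commands and patterns are constructed for the example. It deals with the two failure modes the summary mentions, path escapes out of the workspace and writes to pipeline files, and records every decision before returning it.

```python
"""Added example: external policy check for an AI coding agent's tool calls.

Assumptions (not from the original page):
- each tool call arrives as JSON with session_id, tool_name, tool_input;
- the POLICY dict lives outside the agent's and the developer's reach;
- every decision, allow or deny, is appended to a central audit log.
"""
import json
import posixpath
import re
import shlex
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Central, versioned policy owned by the platform team (constructed sample values).
POLICY = {
    "workspace_root": "/home/dev/project",
    # Prefixes (relative to the workspace root) the agent may write into.
    "writable_prefixes": ["src/", "tests/"],
    # Paths that stay read-only regardless of prefix, e.g. pipeline and agent config.
    "protected_patterns": [r"^\.github/workflows/", r"^\.git/", r"^\.claude/"],
    # First token of shell commands the agent may run unaided.
    "allowed_commands": {"ls", "cat", "pytest", "git"},
    # Command shapes denied even when the first token is allowed.
    "denied_command_patterns": [r"\bgit\s+push\b", r"\brm\s+-rf\b", r"\|\s*sh\b"],
}


@dataclass
class Decision:
    allow: bool
    reason: str


@dataclass
class AuditLog:
    """Append-only record of every decision, with request context."""
    entries: list = field(default_factory=list)

    def record(self, call, decision):
        self.entries.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "session_id": call.get("session_id"),
            "tool_name": call.get("tool_name"),
            "tool_input": call.get("tool_input"),
            "decision": "allow" if decision.allow else "deny",
            "reason": decision.reason,
        })


def _relative_to_workspace(path, root):
    """Return path relative to root, or None if it escapes root (lexical check, no FS access)."""
    joined = posixpath.normpath(posixpath.join(root, path))
    if joined != root and not joined.startswith(root.rstrip("/") + "/"):
        return None  # "../" chains or absolute paths that leave the workspace
    return posixpath.relpath(joined, root)


def evaluate(call, policy=POLICY):
    """Decide one tool call against the central policy. Unknown tools are denied."""
    tool = call.get("tool_name")
    tool_input = call.get("tool_input", {})
    root = policy["workspace_root"]
    if tool in ("Write", "Edit"):
        rel = _relative_to_workspace(tool_input.get("file_path", ""), root)
        if rel is None:
            return Decision(False, "path escapes workspace root")
        for pat in policy["protected_patterns"]:
            if re.match(pat, rel):
                return Decision(False, f"path matches protected pattern {pat}")
        if not any(rel.startswith(p) for p in policy["writable_prefixes"]):
            return Decision(False, "path outside writable prefixes")
        return Decision(True, "write inside allowed prefix")
    if tool == "Bash":
        cmd = tool_input.get("command", "")
        for pat in policy["denied_command_patterns"]:
            if re.search(pat, cmd):
                return Decision(False, f"command matches denied pattern {pat}")
        try:
            argv = shlex.split(cmd)
        except ValueError:
            return Decision(False, "unparseable command")
        if not argv or argv[0] not in policy["allowed_commands"]:
            return Decision(False, "command not on allow-list")
        return Decision(True, "command on allow-list")
    return Decision(False, f"no policy for tool {tool}")  # default deny


def check_tool_call(raw_json, audit, policy=POLICY):
    """Entry point a hook would call: parse, decide, audit, then return the decision."""
    call = json.loads(raw_json)
    decision = evaluate(call, policy)
    audit.record(call, decision)
    return decision


if __name__ == "__main__":
    log = AuditLog()
    # Constructed sample calls: a path escape, a pipeline-file write, a normal edit.
    for raw in [
        '{"session_id":"s1","tool_name":"Write","tool_input":{"file_path":"../../../etc/passwd"}}',
        '{"session_id":"s1","tool_name":"Write","tool_input":{"file_path":".github/workflows/ci.yml"}}',
        '{"session_id":"s1","tool_name":"Write","tool_input":{"file_path":"src/app.py"}}',
    ]:
        print(check_tool_call(raw, log))
    print(json.dumps(log.entries, indent=2))
```

The decision function is deliberately pure (policy in, decision out) so that the policy can be unit-tested by the platform team independently of any developer machine, and the audit entry is written before the decision is returned so that a denied call is still visible to security teams later.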
What's in the full article
Cerbos' full article covers the operational detail this post intentionally leaves for the source:
- How its HTTP hooks pattern intercepts Claude Code tool calls before they execute
- How server-managed settings can push agent controls to every developer machine via MDM
- How central policies in Cerbos Hub map role, path, and tool restrictions into real decisions
- How observe mode logs agent behaviour before you turn on blocking rules
👉 Read Cerbos' analysis of Claude Code security and runtime authorization →
Claude Code and runtime authorization: are your controls keeping up?