Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Claude Cowork security: are IAM controls keeping up with agentic AI?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9439
Topic starter  

TL;DR: Claude Cowork expands enterprise AI from answering questions to taking actions across browsers, desktop apps, and connected tools, which widens the trust boundary and makes built-in sandboxing, RBAC, and prompts necessary but not sufficient, according to Backslash Security. Continuous governance, connector review, and visibility into agent actions now matter more than endpoint assumptions.

NHIMG editorial — based on content published by Backslash Security: The CISO’s Field Manual for Claude Cowork Security

By the numbers:

Questions worth separating out

Q: How should security teams govern AI agents that use existing browser sessions?

A: Treat the browser session as a privileged access path, not a convenience layer.

Q: Why do AI agents complicate least privilege for IAM teams?

A: Because their actions are dynamic at runtime and can span multiple systems inside one session.

Q: What do security teams get wrong about sandboxed AI agents?

A: They often assume sandboxing solves the whole problem.

Practitioner guidance

  • Define agent session boundaries Classify which browser sessions, desktop apps, mounted directories, and SaaS tools an AI agent may inherit before rollout, then restrict that scope to the minimum set required for the task.
  • Review every connector and plugin Create an approval workflow for MCPs, plugins, and skills that includes source review, business owner sign-off, and periodic revalidation.
  • Monitor agent actions across systems Log which systems the agent touched, what data it viewed, and which actions it completed across browser, desktop, and connected applications.

What's in the full article

Backslash Security's full blog post covers the operational detail this post intentionally leaves for the source:

  • Feature-by-feature analysis of Computer Use, Browser Use, Dispatch, and desktop app integrations.
  • Configuration guidance for sandboxing, egress controls, permission prompts, and admin settings.
  • Practical discussion of connector governance, skill review, and rollout decisions by subscription tier.
  • Workflow examples showing how agent actions move across Excel, Outlook, Jira, and SaaS tools.

👉 Read Backslash Security's analysis of Claude Cowork security and enterprise AI risk →

Claude Cowork security: are IAM controls keeping up with agentic AI?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8923
 

Continuous access review was designed for identities whose privileges persist long enough to be observed. That assumption fails when an AI agent can move from one authenticated action to the next inside a single session. Cowork-style behaviour collapses the review window because the actor is operating, not waiting. The implication is that identity governance must stop assuming stable entitlements are always present long enough to certify or revoke.

A few things that frame the scale:

  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to AI Agents: The New Attack Surface report.
  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials, which shows the governance gap is already operational.

A question worth separating out:

Q: Who is accountable when an AI agent misuses enterprise access?

A: Accountability sits with the organisation that approved the session, connector, and workflow scope. If the agent was allowed to inherit trust across tools, the failure is usually in governance, not just in the model. That is why identity, application owners, and security operations need a shared review path.

👉 Read our full editorial: Claude Cowork security shows agentic AI now needs identity governance



   
ReplyQuote
Share: