TL;DR: Claude Enterprise extends developer permissions into agentic workflows, so broad local access, static MCP keys, OAuth scope abuse, and prompt injection can all magnify identity risk inside daily operations, according to P0 Security. The real failure is assuming AI assistance inherits safe limits from human workflows; once the agent mirrors standing privilege, those limits disappear.
NHIMG editorial — based on content published by P0 Security: Anthropic’s Claude Enterprise by Neha Duggal
By the numbers:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
Questions worth separating out
Q: How should security teams govern AI agents that inherit developer permissions?
A: Treat the host account as the real control plane.
Q: Why do AI agents complicate least privilege in IAM programmes?
A: Because least privilege is usually defined at provisioning time for a stable human or service account.
Q: What do security teams get wrong about MCP server access?
A: They often treat connectors as lightweight integrations instead of identity-bearing trust paths.
Practitioner guidance
- Rebase developer access before enabling agents: remove standing admin rights, narrow repo and cloud permissions, and make agent execution depend on the least-privileged human account available.
- Register every MCP server and connector: document the authentication method, token type, data scope, and owner for each integration.
- Keep human confirmation on sensitive actions: require approval for secret access, production changes, and data movement that an agent can trigger from untrusted content.
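As an added example (not P0 Security's or NHIMG's code), a small audit over the kind of connector registry the guidance above asks teams to keep, flagging static credentials, missing owners, wildcard scope and auto-approved sensitive scopes; the registry fields, scope names and sample connectors are constructed assumptions:

```python
"""Audit an MCP connector registry for standing-privilege risk.

Registry layout is an assumption built from the fields the guidance asks
teams to record: authentication method, token type, data scope, and owner.
"""
from __future__ import annotations
from dataclasses import dataclass

# Token types that outlive a session and so mirror standing privilege.
STATIC_TOKEN_TYPES = {"api_key", "pat", "service_account_key"}
# Scopes reaching secrets, production or bulk data movement: the page's
# guidance is that an agent must not trigger these without confirmation.
SENSITIVE_SCOPES = {"secrets:read", "prod:write", "data:export"}

@dataclass
class Connector:
    name: str
    auth_method: str            # e.g. "oauth", "static_key"
    token_type: str             # e.g. "short_lived_oauth", "api_key"
    scopes: set[str]
    owner: str | None
    auto_approve: bool = False  # agent may call it without a human confirming

def audit(connectors: list[Connector]) -> dict[str, list[str]]:
    """Return connector name -> list of findings (empty list means clean)."""
    findings: dict[str, list[str]] = {}
    for c in connectors:
        issues: list[str] = []
        if c.owner is None:
            issues.append("no owner: nobody is accountable for revoking this trust path")
        if c.token_type in STATIC_TOKEN_TYPES:
            issues.append(f"static credential ({c.token_type}) creates standing privilege")
        sensitive = c.scopes & SENSITIVE_SCOPES
        if sensitive and c.auto_approve:
            issues.append(f"auto-approve covers sensitive scopes {sorted(sensitive)}")
        if "*" in c.scopes:
            issues.append("wildcard scope: agent inherits the host account's full access")
        findings[c.name] = issues
    return findings

# Constructed sample registry for demonstration only.
SAMPLE_REGISTRY = [
    Connector("github", "oauth", "short_lived_oauth", {"repo:read"}, "platform-team"),
    Connector("vault", "static_key", "api_key", {"secrets:read"}, None, auto_approve=True),
    Connector("warehouse", "oauth", "short_lived_oauth", {"data:export", "*"}, "data-eng"),
]

if __name__ == "__main__":
    for name, issues in audit(SAMPLE_REGISTRY).items():
        print(name, "OK" if not issues else "; ".join(issues))
```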
What's in the full article
P0 Security's full analysis covers the operational detail this post intentionally leaves for the source:
- How Claude Code behaves across local user context, confirmed operations, and auto-approve settings
- Specific examples of MCP server authentication patterns and where static API keys create standing privilege
- Practical guidance for reviewing role explosion, managed settings, and auditability in AI-enabled workspaces
- Lifecycle handling for joiners, movers, and leavers when AI access is tied to developer accounts
👉 Read P0 Security's analysis, "Claude Enterprise identity risk: are your IAM controls keeping up?" →