TL;DR: AI agents in Claude Enterprise now expose tool use, configuration, and audit data that security teams can govern, while Zenity says the integration also targets prompt injection, credential exposure, and unauthorized actions across Claude Code, Cowork, and Chat. The real shift is that enterprise IAM must now account for agent behaviour, not just model output.
NHIMG editorial — what this means for AI and NHI governance
By the numbers:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities (46% confirmed, 26% suspected).
Questions worth separating out
Q: How should security teams govern AI agents that can invoke enterprise tools?
A: Start by treating the agent as a governed identity with scoped access, not as a chat feature.
Q: Why do AI agents complicate existing IAM and PAM controls?
A: Because IAM and PAM are usually designed around stable identities and predictable request flows.
Q: What do organisations get wrong about prompt injection in enterprise agents?
A: They often treat prompt injection as a content issue instead of an action issue.
Practitioner guidance
- Inventory every Claude-connected agent pathway: map which agents can invoke tools, access enterprise applications, or act on behalf of users across Claude Code, Cowork, and Chat.
- Bind audit trails to agent actions, not just logins: require records that show the agent's tool invocation, configuration state, and downstream system call for each meaningful action.
- Put policy around MCP servers and skills: approve, review, and periodically recertify each Model Context Protocol server, plugin, and skill that an agent can reach.
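As an added example (not Zenity's or Anthropic's code), the three guidance points above expressed as one policy evaluator over agent action records: each record must carry the tool invocation, configuration state and downstream call, the capability it used must be on the approved list for that surface, and the capability must be inside its recertification window. The capability names, record fields, surfaces-per-capability policy and 180-day window are assumptions made for the example, and the sample actions are constructed.

```python
from datetime import date

# Constructed policy: which MCP servers and skills each Claude surface may reach,
# and when each was last recertified. Names are assumptions, not real servers.
APPROVED_CAPABILITIES = {
    "mcp:jira": {"surfaces": {"Claude Code", "Cowork"}, "recertified": date(2025, 9, 1)},
    "skill:ticket-summary": {"surfaces": {"Chat"}, "recertified": date(2025, 3, 1)},
}
RECERT_DAYS = 180  # assumed recertification window
# An audit record only binds an action to an agent if all of these are present.
REQUIRED_FIELDS = ("agent_id", "surface", "capability",
                   "tool_call", "config_state", "downstream_call")
TODAY = date(2025, 10, 1)  # fixed clock so the example is deterministic


def evaluate_action(record: dict, today: date = TODAY) -> list:
    """Return findings for one agent action record; an empty list means compliant."""
    findings = []
    missing = [f for f in REQUIRED_FIELDS if not record.get(f)]
    if missing:
        findings.append("incomplete audit record: missing " + ", ".join(missing))
    cap = APPROVED_CAPABILITIES.get(record.get("capability"))
    if cap is None:  # agent reached something never approved for any surface
        findings.append(f"unapproved capability: {record.get('capability')}")
        return findings
    if record.get("surface") not in cap["surfaces"]:
        findings.append(f"{record['capability']} not approved for surface {record.get('surface')}")
    if (today - cap["recertified"]).days > RECERT_DAYS:
        findings.append(f"{record['capability']} overdue for recertification")
    return findings


def audit(records, today: date = TODAY) -> dict:
    """Map each event id to its findings so reviewers can triage the non-empty ones."""
    return {r["event_id"]: evaluate_action(r, today) for r in records}


# Constructed sample actions, not real telemetry.
SAMPLE_ACTIONS = [
    {"event_id": "evt-1", "agent_id": "agent-a", "surface": "Claude Code", "capability": "mcp:jira",
     "tool_call": "jira.create_issue", "config_state": "cfg-v3", "downstream_call": "POST /rest/api/issue"},
    {"event_id": "evt-2", "agent_id": "agent-b", "surface": "Chat", "capability": "mcp:jira",
     "tool_call": "jira.create_issue", "config_state": "cfg-v3", "downstream_call": ""},
    {"event_id": "evt-3", "agent_id": "agent-c", "surface": "Cowork", "capability": "skill:ticket-summary",
     "tool_call": "summarise", "config_state": "cfg-v1", "downstream_call": "GET /tickets"},
    {"event_id": "evt-4", "agent_id": "agent-d", "surface": "Claude Code", "capability": "mcp:payments",
     "tool_call": "payments.refund", "config_state": "cfg-v3", "downstream_call": "POST /refunds"},
]

if __name__ == "__main__":
    for event_id, findings in audit(SAMPLE_ACTIONS).items():
        print(event_id, findings or "compliant")
```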
What's in the full announcement
Zenity's full post covers the operational detail this analysis intentionally leaves for the source:
- How the Claude Enterprise integration maps to specific agent discovery, policy, and response workflows.
- What the platform surfaces for tool invocations, configuration settings, and auditability across Claude Code, Cowork, and Chat.
- How Zenity describes detection coverage for prompt injection, credential exposure, and unauthorized agent actions.
- Which enterprise control points are meant to govern Model Context Protocol servers, plugins, and skills.
👉 Read Zenity's analysis of Claude Enterprise agent governance and security →
Claude Enterprise agent governance: what changes for security teams?
Explore further
Agent governance is now an identity problem, not a model problem. Once Claude Enterprise agents can invoke tools, act on behalf of users, and touch connected systems, the relevant control surface shifts into IAM and governance. Security teams are no longer just reviewing outputs; they are governing delegated action. That makes agent identity, tool scope, and auditability first-class security objects, not secondary monitoring fields.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, according to The 2024 ESG Report: Managing Non-Human Identities.
A question worth separating out:
Q: Who is accountable when an AI agent takes an unauthorized action?
A: Accountability usually sits with the organisation that granted the agent its access, configured its tools, and failed to define clear approval boundaries. That is why audit trails, lifecycle review, and ownership of each connected capability matter. If the agent can act, someone must own the decision to let it act.
👉 Read our full editorial: Claude Enterprise governance now extends to AI agent actions