Join our FREE personalized newsletter for news, trends, and insights that matter to everyone in America

Newsletter
New

How Are You Guys Actually Securing Claude / Ai Code Tools? (e5/purview Shop)

Card image cap

Hey everyone, looking for some insight here, mostly just trying to talk this out and get some ideas. We are finally hitting the point where we have to embrace supporting AI at the code level in our environment.

For a long time we pretty much turned a blind eye and just managed it at the firewall level. But devs and a couple business analysts are making a really hard case to get access to Claude Code.

I’ve done some digging into how it sits at the client level. It basically inherits the user’s rights, though there are some local install permissions you can put in place to try and secure it a bit better.

We’re a Microsoft shop for our security stack (E5 licensing) so we use the full Defender stack for our daily workflow.

Lately I've been researching Purview DSPM for AI security to help with this, and it honestly seems to monitor way more than I thought was possible. Looks like it'll be a great addition to at least monitor and regulate what's being sent to these models as far as PII or sensitive data. I'm also looking to leverage Defender for Cloud Apps which is more of a forked/proxy approach versus trying to handle it all at the endpoint code level.

Lastly, we were entertaining the idea of a secure enclave or some different network segmentation to isolate where these functions run. Not 100% sure if that's actually common practice or if it's overkill for what others are doing.

What is everybody else doing? My first instinct was to completely deny it and shut it down, but who are we kidding... we need to learn how to maintain and support it or else we're gonna have a serious Shadow IT problem on our hands.

Let's brainstorm. Especially for the guys out there just getting their heads around this that don't have a massive security team to throw at it. What are you doing to secure against basic AI codex stuff beyond just blocking the web UI front ends?

Thanks!

submitted by /u/Substantial_Buy6134
[link] [comments]