Hacker News

ttul today at 2:31 AM

They certainly are. And this is likely to some degree a response to enterprise security desires. Enterprise endpoints are locked down already - no need for extra external API security if it’s just the user’s desktop communication as usual.


Replies

CorpOverreach today at 3:05 AM

I feel like this is absolutely not the case. Our corporate infosec guys are freaking out, as developers and general users alike are finding all new ways to poke holes in literally everything.

We're finding out quickly that enterprise endpoints are not locked down anywhere near enough, and the stuff that users are creating on the local endpoints is quickly outpacing the rate at which SOC teams can investigate what's going on.

If you're using Claude via Anthropic's SaaS service it's near impossible to collect logs of what actually happened in a user's session. We happen to proxy Claude Code usage through Amazon Bedrock and the Bedrock logs have already proven to be instrumental in figuring out what led a user to having repeated attempts to install software that they wouldn't have otherwise attempted to install - all because they turned their brains off and started accepting every Claude Code prompt to install random stuff.

Sandboxing works to an extent, but it's a really difficult balance to strike between locking it down so much that you neuter the tool and having a reasonable security policy.
