
You can now govern Claude the same way you govern Okta, Salesforce, and M365

Ofer Klein
Updated June 12, 2026

A few weeks ago I was speaking with a CISO at a large financial institution. I asked him which AI tools his company was using. He said: "We're only on Copilot."

We pulled up Reco. Number one usage across his org was Claude. Number two was OpenAI. Copilot was number three.

He went quiet for a second. Then he said: "Who did that?"

Everyone did that. Not because they're rogue employees. Because they want to be better at their jobs. And Claude is very good.

This is happening at every company I talk to. Claude is already in your enterprise. The question is whether your security team knows it, and whether they have any way to govern it.

Until today, the answer for most teams was: not really.

The Claude security gap

Claude runs across two distinct surfaces. Most security tools see one of them, if any.

The first is Claude Enterprise, where employees use Claude day-to-day. Several tools connect here via the Anthropic Compliance API and can surface user activity. Okay, but incomplete.

The second is the Anthropic Platform Console, where your engineering teams manage API keys, workspaces, and the agents they build and deploy. This is where API key exposure and unauthorized access typically start. Few tools have any visibility here.

And neither surface captures what agents are actually doing once deployed.

I talk to security teams all the time who think they have one problem. They actually have three: the apps, the identities, and the agents. And the agents aren’t siloed. They connect to Salesforce, to Slack, to GitHub, to Snowflake. They accumulate access over time. And when the person who built the agent leaves the company, nobody revokes the agent's permissions. The agent keeps running and the access stays live.

This is what I mean when I say the perimeter has moved. It’s not your network anymore. It’s not even your endpoints. It’s every third-party app, every agent, every OAuth token your employees and developers have ever connected.

What we built

Today, Reco covers both Claude surfaces, plus every agent in between. And because we are already connected to more than 230 SaaS applications, you can now govern Claude the same way you govern Okta, Salesforce, and M365. Same identity graph, same posture checks, same incident response workflow.

Let me walk through what that means in practice.

Discovery. We surface Claude usage from seven independent sensors: 1) endpoints via CrowdStrike, Defender, or SentinelOne; 2) network via SASE; 3) browser via Reco BrowserGuard; 4) SSO logs; 5) social logins; 6) connected plugins; and 7) shadow email. If someone in your org is using Claude and IT doesn’t know about it, Reco will find it. Every account gets classified: sanctioned, shadow, or AI agent.

Identity governance. Every account across both Claude surfaces gets cross-referenced against your full SaaS environment. If a user is a guest in one connected app but has admin rights in Claude Enterprise, you see that in one view. Same identity graph, both surfaces. This is the power of our coverage. A point tool that only watches Claude cannot show you this.

AI agent security. This is where most tools have nothing. We discover every agent built on Claude: the model running, every MCP server it is connected to, every tool it can invoke. That is the full map of what an agent can reach and do. Then we evaluate the risk. Not just the agent in isolation. The agent, its owner, the owner's status, the apps the agent connects to, the blast radius if something goes wrong. Context changes everything.

I’ll give you a real example. An agent with access to Salesforce and Google Drive looks unremarkable on its own. But when our graph shows that the agent's owner left the company last month, the permissions were never revoked, and there are no guardrails set, that is a critical risk. We surface it. Most tools do not.

Posture management. We run continuous posture checks across both Claude surfaces. API key hygiene, role governance, MCP server policies, SSO requirements, IP restrictions. Eight out-of-the-box checks today, more coming. Everything maps to a compliance framework so you can show the work to auditors and the board.

Threat detection. 46 detection policies across both surfaces. Real-time feed of every action in Claude Enterprise. Alerts with full context, remediation steps, MITRE ATT&CK mapping.

The other direction: Claude queries Reco

This is the part that usually gets a reaction in the room.

Reco exposes its own MCP server. That means Claude connects to Reco as a data source and can query your entire identity graph, posture findings, and threat alerts in natural language.

Your team opens Claude, types a question, and gets the answer from live Reco data.

One of our customers used it to build a full executive summary in minutes: total users, offboarded users still with access, open posture findings by severity, top risky findings, MCP server changes in the last 30 days, all alerts from the last month. 

And because Reco is connected to over 230 applications, when you ask about a user, Claude synthesizes the full picture: their Salesforce access, their GitHub, their Okta, their Claude activity. Everything combined in one response. That is what a security analyst should be able to do in minutes.

Why this is different from tools that only watch Claude

Most tools stop at the Claude Enterprise boundary. They treat Claude as an isolated product to monitor. That is not how attackers treat it.

Attackers think in terms of access chains. An overpermissioned agent whose owner left the company. An API key that was created six months ago and never rotated, sitting in a script connected to three other systems. A former employee whose Claude Enterprise account was never offboarded.

Each of those signals looks low priority on its own. Together, they are an incident waiting to happen. We call this toxic combination detection. It’s what you get when you have cross-source context from 230+ integrations. No single-source tool can surface it because they don’t have the full picture.
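The correlation described above, written out as an added example; this is not Reco's code or data model. The inventory, field names, signal names, the 90-day rotation threshold and the severity rules are all assumptions constructed for illustration.

```python
from datetime import date

# Constructed sample inventory; every name and value here is hypothetical.
TODAY = date(2026, 6, 12)
HR = {"dana": "active", "lee": "offboarded"}
AGENTS = [
    {"name": "crm-sync", "owner": "lee", "apps": ["salesforce", "gdrive"], "guardrails": False},
    {"name": "doc-helper", "owner": "dana", "apps": ["gdrive"], "guardrails": True},
]
API_KEYS = [
    {"id": "key-A", "agent": "crm-sync", "last_rotated": date(2025, 12, 1)},
    {"id": "key-B", "agent": "doc-helper", "last_rotated": date(2026, 5, 20)},
]
ACCOUNTS = [{"user": "lee", "surface": "claude-enterprise", "enabled": True}]
MAX_KEY_AGE_DAYS = 90  # assumed rotation policy


def signals_for(agent):
    """Collect the individual signals that apply to one agent."""
    found = set()
    owner = agent["owner"]
    # An owner missing from the HR feed is treated the same as an offboarded one.
    owner_gone = HR.get(owner) != "active"
    if owner_gone:
        found.add("owner_offboarded")
    if len(agent["apps"]) > 1 and not agent["guardrails"]:
        found.add("broad_access_no_guardrails")
    for key in API_KEYS:
        age = (TODAY - key["last_rotated"]).days
        if key["agent"] == agent["name"] and age > MAX_KEY_AGE_DAYS:
            found.add("stale_api_key")
    if owner_gone and any(a["user"] == owner and a["enabled"] for a in ACCOUNTS):
        found.add("orphaned_account")
    return found


def severity(found):
    """A single signal stays low; a departed owner plus live access escalates."""
    if "owner_offboarded" in found and found & {"broad_access_no_guardrails", "stale_api_key"}:
        return "critical"
    if len(found) >= 2:
        return "high"
    return "low" if found else "none"


def triage():
    """Return {agent name: (severity, sorted signal names)} for the inventory."""
    return {a["name"]: (severity(signals_for(a)), sorted(signals_for(a))) for a in AGENTS}
```

Each signal taken alone scores `low`; only the join across the HR feed, the agent inventory and the key inventory produces the `critical` rating for the agent whose owner has left.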

This is also why I believe that if you are securing Claude in isolation, you are not really securing Claude. You need to see it in context.

What I tell CISOs right now

You cannot block AI. I stopped trying to help companies do that a long time ago. The CISO at GM Financial told me last month: "I became a business enabler. The business needs to move on AI and I cannot block it. But I can remove the risk and let them move faster."

That is the right framing. Your job is not to stop Claude adoption. Your job is to make sure that when Claude is in your environment (because it already is), you have the same governance you have everywhere else.

With Reco, you do.

Reco is listed by Anthropic as a security integration for the Claude Compliance API. If you want to see what this looks like in your environment, request a demo at reco.ai/demo-request.


Ofer Klein

ABOUT THE AUTHOR

Ofer Klein is the Cofounder & CEO of Reco. Ofer is a former Israeli pilot and a serial entrepreneur with vast experience in building and growing GTM teams at SaaS companies in the US. He is passionate about leading solutions for the distributed workforce.

Technical Review by:
Gal Nakash
Technical Review by:
Ofer Klein

