AI Coding Agents Operate Outside Traditional Security Controls

Security teams have historically implemented identity and access controls for human users and service accounts, but a new category of actor—Anthropic’s AI coding agent, Claude Code—now operates in enterprise environments outside these controls. Claude Code is deployed at scale across engineering organizations, where it performs tasks such as reading files, executing shell commands, and calling external APIs. The article highlights that these AI agents function without the established security frameworks designed for traditional users. No specific dates, technical metrics, or vulnerabilities (e.g., CVE IDs) were mentioned in the provided excerpt. The impact described centers on the lack of visibility and control over AI-driven actions within enterprise systems.