Claude's Agents Are Already Running Across Your Enterprise. Now Security Teams Can Catch Up.

Key Takeaways
- Zenity integrates with Claude's Compliance API and extends it with Zenity's agent security platform to deliver full-lifecycle visibility, posture management, and runtime enforcement across Claude Code, Cowork, and Chat.
- Zenity gives security teams complete context around Claude agent activity, from prompts and tool use to configuration posture, connected extensions, and the downstream work agents produce.
- For Claude Code, Zenity correlates agent sessions with code changes, pull requests, and commits, helping security and engineering teams trace merged changes back to the agent activity that influenced them.
- Zenity evaluates Claude configuration, MCP servers, skills, plugins, and other agent extensions before sessions begin, reducing exposure to supply chain, setup-layer, and configuration-based attacks.
- Zenity's AIDR operates across runtime and execution layers to detect and prevent high-risk behavior, including prompt injection, destructive actions, credential exposure, suspicious command activity, and memory manipulation.
- Security, compliance, and platform engineering teams get a unified control plane for governing Claude agents alongside the rest of their enterprise AI estate.
We are excited to share that Zenity now integrates with Claude's Compliance API to bring Claude activity into the same AI security and governance platform enterprises already use to govern agents across the business. By combining Claude's Compliance API telemetry with Zenity's native agent security capabilities, security teams gain the visibility, posture controls, and real-time enforcement needed to secure Claude across the full agent lifecycle.
Built To Support How Claude Operates
Most security tools were built for systems and applications that wait for instructions. Claude agents don’t wait.
- Claude Code navigates repositories, writes code, invokes tools, and influences production changes.
- Cowork can read documents, summarize business context, and act through connected enterprise systems.
- Claude Chat connects to sensitive information and shapes how decisions get made.
Each surface carries its own risk profile. Each requires security that accounts for how agents actually behave, not just what they return.
Zenity's integration with Claude's Compliance API extends Zenity's existing AI security and governance platform with authoritative Claude activity context. Zenity then enriches that context with agent inventory, configuration posture, extension governance, behavioral analysis, and inline controls across the environments where Claude agents operate.
The result is full-lifecycle security for Claude: from the setup layer where risk can be introduced, through the runtime layer where agents reason and invoke tools, to the execution layer where agent activity becomes code, data movement, or business action.
Where Logs Stop, Agent Security Begins
The Compliance API gives enterprises a critical foundation for understanding Claude activity. But activity visibility alone isn’t enough for agents that can use tools, modify code, and act across enterprise systems.
Logs can help security teams understand what happened. Zenity helps them determine whether the agent should be allowed to do it in the first place.
Zenity brings Claude activity into a broader security model that includes posture management, runtime detection and response, and inline prevention. Security teams can investigate agent behavior, identify risky configurations, enforce policy before sessions begin, and stop unsafe activity before it reaches source code, secrets, or production systems.
See Every Agent Action in Context
Zenity helps security teams move beyond isolated events and understand the full sequence of agent behavior. Every Claude Enterprise install, MCP server, skill, plugin, and connected extension is inventoried and assessed against policy. Agent activity is reconstructed with the context security teams need to understand what the user asked, how the agent responded, the intent of the agent, which tools were involved, and what downstream work was produced.
Session replay
Security teams can review Claude activity end-to-end, including prompts, responses, tool interactions, and relevant execution context. This gives investigators the ability to follow the sequence of decisions and actions the agent took, rather than relying on a disconnected set of alerts.
Commit correlation
For Claude Code, Zenity correlates agent sessions with pull requests, commits, and code changes. When an AI-assisted change reaches production, security and engineering teams can trace that change back to the agent activity that influenced it.
MCP and plugin inventory
Zenity maintains an inventory of MCP servers, skills, plugins, and other agent extensions across the Claude estate. Security teams can see what is running, where it came from, which users or projects it is associated with, and whether it aligns with organization-level policy.
Stop Threats Before the First Prompt Fires
Agent compromise often begins before a session starts.
A malicious MCP server, risky plugin, poisoned skill, weaponized hook, or tampered configuration can shape what an agent sees, what it can access, and what it is allowed to do. These setup-layer risks often sit outside the reach of traditional activity logs and after-the-fact monitoring.
Zenity evaluates agent configuration and connected extensions before sessions begin, helping teams reduce exposure before Claude is ever prompted.
Configuration posture
Zenity assesses Claude configuration across managed, user, project, and local scopes where applicable, identifying risky settings, drift from policy, and configurations that could expose the organization to unsafe agent behavior.
Extension governance
Zenity enforces organization-level policy for MCP servers, skills, plugins, and other agent extensions. Security teams can allow, block, or review extensions based on source, behavior, permissions, and risk.
Secrets and payload detection
Zenity identifies embedded credentials, suspicious payloads, and injection patterns in configuration and extension layers before they influence an agent session or reach a developer workstation.
Real-World Agent Threat: The Malicious MCP Server
Consider a developer using Claude Code to update a dependency and open a pull request. The developer has installed an MCP server that appears legitimate, but the server contains hidden behavior designed to influence the agent session.
During the task, Claude reads package documentation that includes an indirect prompt injection. The instruction tells the agent to inspect local environment variables, modify a build script, and add an external callback that blends into normal dependency-update work.
A traditional log-only control may show that Claude was used. A DLP tool may flag sensitive text after it appears. But by then, the agent may already have invoked a tool, touched the repository, or prepared a change for review.
Zenity is built for the execution chain.
- Before the session starts, Zenity evaluates the Claude configuration, MCP servers, skills, plugins, hooks, and other connected components that could influence the agent.
- During the session, Zenity analyzes the prompt, tool, file, and command sequence in context. If the agent begins to deviate from the expected task, attempts a destructive action, exposes credentials, or behaves as if it’s following a hidden instruction, Zenity can block the unsafe activity before it reaches source code, secrets, or production systems.
- After the session, if a change does make it into a pull request, Zenity correlates the commit back to the agent flow that produced it, giving security and engineering teams the evidence they need to understand not just what changed, but why the agent changed it.
Block in Real Time, Not After the Damage Is Done
Detection without prevention is just a log entry.
Zenity's AIDR (AI Detection and Response) operates across the runtime and execution layers in real time. When an unsafe action is identified, Zenity can block it before it reaches the repository, secrets store, enterprise application, or production system.
Prompt injection detection
Zenity detects direct and indirect prompt injection across user, AI, and tool planes, helping prevent agents from acting on manipulated instructions.
Destructive action classification
Zenity evaluates cumulative session impact against the user's stated objective. If the agent begins taking actions that exceed the intended task, Zenity can halt the session before damage is done.
Memory and behavioral drift
Zenity detects attempts to poison memory, manipulate long-term context, or influence future agent behavior across sessions.
C2 and exfiltration detection
Zenity identifies suspicious command-and-control behavior, credential exposure, and data exfiltration attempts through agent prompts, tool calls, model output, and execution paths.
One Platform for Security, Compliance, and Platform Engineering
Claude adoption is not owned by one team. Security teams need to detect and stop threats. Compliance teams need auditability. Platform engineering teams need to safely scale Claude across users, projects, and environments.
Zenity gives each team the controls they need from the same platform.
- Security teams can investigate agent activity, detect compromised behavior, and block unsafe execution.
- Compliance teams can preserve structured evidence of Claude activity and map it to audit requirements.
- Platform engineering teams can govern Claude Code, MCP servers, skills, plugins, configuration posture, and agent rollout across the enterprise.
See Zenity for Claude Enterprise in Action
Claude agents don’t pause for security to catch up. Zenity's integration with Claude's Compliance API ensures security teams do not have to either.
By combining Claude activity context with Zenity's full-lifecycle agent security platform, enterprises can govern Claude Code, Cowork, and Chat from configuration to runtime to execution.
Zenity is trusted by Fortune 500 enterprises to secure AI agents everywhere, from discovery and posture management to real-time detection, inline prevention, and response.
Schedule a demo to see how Zenity secures Claude Enterprise across the full agent lifecycle.