One AI Tool, Four Threat Surfaces: The Enterprise Guide to Governing Claude

Most enterprise AI security frameworks are built around a flawed assumption: that a given AI tool lives in one place.

Block the domain. Restrict the app. Add a browser policy. Problem contained.

Claude doesn’t work that way. Anthropic’s platform has expanded into four distinct enterprise surfaces — each with its own risk profile, its own technical architecture, and its own governance requirements. A policy that covers one surface is all but useless against the others. And attempting to block your way out of the problem only drives usage underground, where you have even less visibility.

This is the challenge enterprise security and IT leaders are navigating right now. Here’s how the most effective organizations are thinking about it.

Understanding the scope of the problem starts with mapping where Claude actually lives inside your organization.

1. Claude.ai (Browser)
   The most familiar surface. Employees access Claude directly at claude.ai through any browser, on corporate or personal devices. This is where most enterprises start their governance efforts — and where browser-level DLP and monitoring tools have the most traction.

Key risks: Sensitive data pasted into chat sessions; unmonitored browser sessions on personal devices; no organizational audit trail.

Governance approach: Browser extension for real-time prompt interception; DLP rules configured at the session level; redirect capabilities to route users to organizational AI tools.

2. Native Apps (Claude in Microsoft 365 and other platforms)
   Claude is embedded inside Excel, Word, and increasingly other third-party platforms. Employees using these integrations may not even think of themselves as “using Claude” — they’re just using their normal tools. That’s precisely what makes this surface so difficult to govern.

Key risks: PHI, financial data, or confidential documents processed through integrated AI without organizational visibility; no token-level audit trail.

Governance approach: Connect via Microsoft account integration to stream interactions into a central control tower; token-level revocation capabilities for non-compliant usage.

3. Claude Code (Developer CLI/IDE)
   The most complex surface. Claude Code runs natively in developer terminals and IDEs, executes bash commands, accesses local file systems, and integrates with MCP servers for external tool calls. It operates agentically — meaning it can chain actions without explicit user confirmation at each step.

Key risks: Proprietary code exposed in prompts; credentials and API keys detected or generated; ungoverned MCP server connections; no default audit trail for tool calls.

Governance approach: AI gateway routing to intercept all traffic before it reaches Anthropic’s API; MCP gateway for pre-approved tool access; comprehensive prompt/response/tool call logging; guardrails for DLP, prompt injection, and responsible AI.

4. Claude Co-work (Persistent Shared Workspaces)
   The hardest surface to govern. Claude Co-work creates persistent, shared AI workspaces where data accumulates over time and multiple users collaborate. Unlike a chat session that ends when the browser closes, Co-work data persists — and attribution is minimal.

Key risks: Sensitive data (M&A strategy, negotiation documents, HR files) accumulating in shared workspaces; no attribution controls; no standard audit trail.

Governance approach: Same AI gateway approach as Claude Code; admin-level push of gateway configuration to all users; full interaction logging with user attribution.

A critical insight for security teams: what works on one surface does not transfer to another.

Browser-level DLP is excellent at catching sensitive data in Claude.ai chat sessions. It does nothing for a developer running Claude Code in a terminal. A gateway that intercepts Claude Code API traffic doesn’t touch the data flowing through Claude’s native app integrations.

The organizations that are getting this right are deploying surface-specific controls within a unified governance architecture — so that each tier has appropriate oversight, while all visibility flows into a single control plane.

Before you can govern Claude, you need to know where it is. That means investing in comprehensive shadow AI discovery — not just looking at browser traffic, but scanning across all the vectors where Claude (and AI broadly) might be operating in your environment.

A mature discovery framework covers:

1. Browser-level monitoring
2. Device/endpoint-level detection
3. Network traffic analysis
4. API scanning
5. GitHub and code repository scanning for AI usage signals (API keys, model provider credentials, orchestration framework calls
6. Integration scanning (connected third-party platforms)
7. Native app monitoring

Each layer adds signal. Collectively, they give you the comprehensive view required to make informed governance decisions — and to know what you’re governing before you try to govern it.

The final challenge is durability. Claude’s capabilities are evolving rapidly. Claude Code adoption is accelerating. The compliance API just launched for enterprise users. Claude Co-work is adding features. New surfaces will emerge.

A governance framework built for today’s Claude will be inadequate in six months. The organizations building durable AI governance programs are focused not on solving the current problem, but on building a platform they can grow into — one that surfaces new capability risks as they emerge, and gives security teams the flexibility to adapt controls without starting from scratch.

That means:

• Dashboards that surface what’s being used, how, and at what cost — across all surfaces
• Configurable guardrails that can be updated as compliance requirements evolve
• SIEM integration so that AI interaction data flows into existing security workflows
• Framework mapping for EU AI Act, ISO 42001, NIST, Colorado Act, and others — with pre-built guardrail packages for each
• Data retention controls that respect organizational policy, with zero-retention options and export capabilities

Claude is not a single threat surface. It’s a platform with four distinct enterprise footprints, each requiring tailored controls, unified under a governance architecture that can keep pace with Anthropic’s — and your employees’ — pace of adoption.

Visibility first. Controls second. Governance always.

Ready to see what enterprise Claude governance actually looks like in a live environment?

In our webinar, What It Actually Takes to Secure Claude in the Enterprise, Airia Solutions Consultant Anders Erickson walked through a full platform demo — covering all four Claude surfaces, live gateway configuration, MCP server governance, and real-time guardrail setup.

Watch the full webinar →