//Question

What are the security risks of using Claude Code in an enterprise environment?

Posted on 09th July, 2026

William

William

//Answer

Claude Code and similar AI coding agents introduce a category of risk that goes beyond what typical developer tooling carries, because these agents can read and modify source code, execute commands, and in some configurations reach systems or credentials that a conventional linting or CI tool would never touch. The risk is not that the agent behaves maliciously on its own, but that its capabilities create a larger attack surface if something manipulates its behavior or if its permissions are set too broadly.

One key risk is prompt injection delivered through the codebase itself, where a malicious instruction hidden in a code comment, a dependency's documentation, or an issue description gets interpreted by the agent as a legitimate instruction rather than as untrusted content. Another is unintended execution of destructive commands, particularly in agent configurations that allow shell access without requiring approval for each action. A third is exposure of sensitive credentials, which becomes a real concern when an agent has broad file system or repository access that includes configuration files or environment variables containing secrets.

These risks scale with the level of autonomy and access granted to the agent. An agent restricted to read only access on a single feature branch carries far less risk than one with write access to production infrastructure repositories. Enterprises are increasingly applying the same agentic AI security controls to coding agents that they would apply to any autonomous AI tool with system access, including discovery of where these agents are running and guardrails around what they can do, which is the kind of coverage Akto's Atlas is built to provide across an organization's AI agent footprint.

Comments