They certainly are. And this is likely to some degree a response to enterprise security desires. Enterprise endpoints are locked down already - no need for extra external API security if it’s just the user’s desktop communication as usual.

I feel like this is absolutely not the case. Our corporate infosec guys are freaking out, as developers and general users alike are finding all new ways to poke holes in literally everything.

We're finding out quickly that enterprise endpoints are not locked down anywhere near enough, and the stuff that users are creating on the local endpoints is quickly outpacing the rate at which SOC teams can investigate what's going on.

If you're using Claude via Anthropic's SaaS service it's near impossible to collect logs of what actually happened in a user's session. We happen to proxy Claude Code usage through Amazon Bedrock and the Bedrock logs have already proven to be instrumental in figuring out what led a user to having repeated attempts to install software that they wouldn't have otherwise attempted to install - all because they turned their brains off and started accepting every Claude Code prompt to install random stuff.

Sandboxing works to an extent, but it's a really difficult balance to strike between locking it down so much that you neuter the tool and having a reasonable security policy.

> If you're using Claude via Anthropic's SaaS service it's near impossible to collect logs of what actually happened in a user's session.

If you are big into logs, OpenAI might be more your speed. They've got an extremely good logging UI in their platform web app. I use it all the time to figure out what the hell Copilot was thinking.

Oh so much this, in a sense.

Look, as a software dev myself, I really like that my company lets us use our computers the way we see fit. Pre- or post-AI with no restrictive lockdown. Been there, hated that.

But I totally get the freaking out over "normal devs". The amount of stuff most people think is reasonable, AI or not, is mind-boggling. For myself of course I like to just be able to be responsible myself. But as a security team I'd also be freaking out.

Like, the amount of people that find our super boring, totally corporate "security training videos" helpful and insightful and "oh dang I'd never have thought of that!" is mind-boggling all by itself. Never mind any actual security training that'd be useful to someone with half a brain. You can literally just click through the 8+ hours of stuff you're supposed to watch / answer / do in 30 minutes.