We're trying to implement Claude Code for desktop use in our organization, but we're worried about the potential for users to input harmful scripts that could pose security threats. Despite our concerns, rejecting the use of this tool isn't feasible given the push to implement it. We're exploring various solutions to safeguard our systems. I've heard that Sentinel offers some prompt security features, and we're also considering CrowdStrike AIDR, but it seems limited in preventing prompt injection attacks as it connects to AI platforms mostly through browser extensions or APIs. What solutions are others looking into to mitigate these risks?
1 Answer
You're dealing with a powerful code execution tool here, so you need to frame your security measures accordingly. Here are some solid strategies:
- **Sandboxing**: Use a separate virtual machine or disposable workstation with no production credentials. If you have to use it on the local machine, set up a shared folder that's the only data communication point.
- **Least Privilege**: Ensure users don’t have local admin rights, and require separate credentials for UAC prompts. No cached admin accounts either.
- **Application Control**: Implement an allowlist to make sure only Claude can run, while blocking any unauthorized executables or scripts. Consider limiting access to scripting tools like PowerShell.
- **Network Controls**: Use a proxy with logging that restricts access to necessary domains, and block unregulated outbound connections.
- **Data Constraints**: Define what data Claude can access and back it up with Data Loss Prevention (DLP) strategies for monitored access.
The key is to limit what the tool can access and have any potentially dangerous suggestions go through a human or CI review process. If you can't implement a few of these strategies, I’d advise against launching it without further testing.

Thanks for the detailed advice! Quick question: does Claude Code only have the user's permissions by default, or does it get local admin rights? We use LAPS for local admin passwords, which users don't have access to, so I think that might work in our favor.
Also, app whitelisting has been tough with our current PAM tool; actual apps keep getting blocked, so we're looking for a tool specifically to prevent malicious code without restricting all the native scripts we need. Can you suggest any? And about the VM idea, is it possible to limit Claude's access to just one folder on the network instead of the entire drive?