
Daylight Becomes First MDR Provider to Detect AI-Native Threats in Claude Enterprise

Across enterprises, AI platforms are rapidly becoming core infrastructure for knowledge work, with Claude Enterprise and similar systems moving from pilot deployments into daily use across engineering, operations, and business teams. As generative AI becomes embedded in workflows for analysis, coding, and automation, the boundary between human and machine-driven activity is blurring, reshaping productivity models while expanding the attack surface that security teams must monitor.

Traditional security monitoring tools were not designed for AI-native environments where prompts, tool calls, and autonomous actions can trigger downstream effects across SaaS, cloud, and data systems. Even as platforms like Claude Enterprise expose richer audit logs, security teams still struggle to translate that visibility into actionable detection and response, leaving a growing gap between AI activity and security interpretation.

From Visibility to Detection

Daylight today announced that its Managed Detection and Response (MDR) service now extends to Claude Enterprise, enabling organizations to detect and respond to AI-native threats as adoption accelerates. The integration leverages Claude Enterprise audit logs, including activity from Claude chat, Claude Co-work, and Claude Code, transforming them into security signals rather than passive records. This allows security teams to understand how AI is being used across the organization and whether that usage introduces risk.

Daylight builds detection coverage for unauthorized MCPs, risky Skills and Plugins, prompt injection attempts, and anomalous file or data activity, enriching each signal with identity, SaaS, endpoint, cloud, and business context to assess impact.

Investigating AI-Native Threats Across the Stack

Beyond detection, Daylight's MDR workflow focuses on investigation and correlation across enterprise systems. When suspicious AI activity is identified, Daylight correlates Claude Enterprise behavior with identity data, endpoint activity, SaaS usage, cloud logs, and business context to reconstruct the full sequence of events. This helps security teams answer critical questions: what happened, who initiated it, what systems were involved, and whether sensitive data or workflows were exposed.

The approach reflects a broader shift in security operations, where AI activity can no longer be treated in isolation but must be analyzed as part of interconnected enterprise systems that include both human and machine-driven actions.

Early Enterprise Adoption: Miro

The capability is already being used by enterprise customers, including Miro, an AI-led innovation workspace focused on team collaboration. As Miro rolled out Claude Enterprise, its security team needed to ensure AI adoption did not introduce new blind spots or slow down usage.

"As we adopted Claude Enterprise, we wanted to make sure AI usage didn't become a new blind spot for our security team," said Mark Strande, CISO, Miro. "Daylight helped us bring Claude activity into our MDR workflow, giving us visibility into AI-native risks and the context to investigate them."

The deployment highlights how organizations are beginning to operationalize AI security not as an add-on control layer, but as part of their core detection and response workflows.

Building Security for the AI-Native Enterprise

Daylight's integration arrives as enterprises increasingly demand security tooling that matches the speed and complexity of AI adoption. According to the company, visibility alone is no longer sufficient; organizations need systems that can interpret AI activity and convert it into actionable security outcomes in real time.

"AI adoption is moving faster than traditional security monitoring was designed to support," said Hagai Shapira, co-founder and CEO of Daylight. "Claude Enterprise gives organizations important visibility. Daylight's MDR service turns that visibility into detection and response."

The capability is available today through Claude Enterprise's Compliance API, which exposes audit logs from Claude chat, Claude Co-work, and Claude Code. Daylight expects coverage to expand further as AI platforms adopt richer telemetry standards, including OpenTelemetry-style event models.

Looking ahead, the company anticipates that auditability will become a baseline requirement across enterprise AI systems, including emerging platforms such as ChatGPT and Gemini, as security teams seek consistent detection and response coverage across all AI-driven workflows.

on May 27, 2026