Enterprise security teams are entering a period where the most active part of their environment may no longer be endpoints or cloud workloads, but AI systems themselves. As generative AI becomes embedded in day-to-day workflows, organizations are suddenly responsible for monitoring behavior that didn’t exist in their security models just a year ago.
That shift is forcing security vendors to rethink what “visibility” actually means. Logs alone are no longer enough. What matters is interpretation, context, and the ability to distinguish legitimate AI usage from risky or malicious activity.
Against that backdrop, Daylight has expanded its managed detection and response (MDR) platform to support Claude Enterprise, the AI system developed by Anthropic. The integration is designed to help security teams detect, investigate, and respond to AI-native threats as enterprise adoption of Claude accelerates.
The Blind Spot Created By Enterprise AI Adoption
The rapid deployment of generative AI tools across enterprises has introduced a category of risk that traditional security stacks were not designed to handle. Employees are using AI systems to summarize sensitive documents, generate code, automate internal processes, and connect to external applications through emerging integration frameworks.
But this productivity boost comes with a trade-off: visibility gaps.
Organizations often cannot easily determine what data is being accessed by AI systems, how prompts interact with sensitive repositories, or whether newly introduced AI extensions, such as Skills, plugins, or MCPs, introduce unintended exposure.
Claude Enterprise has begun addressing part of this problem by exposing richer audit logs, including visibility into Claude chat, Claude Code, and co-working interactions across organizations. However, logs alone do not translate into actionable security intelligence without interpretation.
That gap is what Daylight is targeting.
Turning AI Telemetry Into Actionable Detection
With its latest update, Daylight’s MDR service now ingests Claude Enterprise activity through the platform’s Compliance API and builds detection logic directly on top of AI usage data.
The system is designed to identify emerging AI-specific risks, including unauthorized MCP integrations, suspicious or newly introduced Skills and plugins, prompt injection attempts, abnormal file interactions, and unusual patterns in AI-driven behavior.
Rather than treating AI activity as isolated events, Daylight correlates Claude usage with identity data, SaaS applications, endpoint signals, cloud activity, and broader business context. This allows security teams to reconstruct incidents in a way that mirrors real-world investigative workflows.
In practical terms, it means answering questions like: who initiated the AI action, what systems were involved, what data was accessed, and whether the behavior aligns with expected usage patterns.
“AI adoption is moving faster than traditional security monitoring was designed to support,” said Hagai Shapira, co-founder and CEO of Daylight. “Claude Enterprise gives organizations important visibility. Daylight’s MDR service turns that visibility into detection and response.”
Early Enterprise Adoption At Miro
One of the first organizations to adopt the capability is Miro, which has been integrating Claude Enterprise into its AI-powered collaboration environment.
For Miro’s security team, the challenge was not whether to adopt AI, but how to do so without introducing new blind spots into their security operations.
As Claude Enterprise rolled out internally, Miro needed a way to ensure AI usage could be monitored as part of its existing security workflows rather than treated as a separate system.
Daylight’s MDR integration allowed the company to bring Claude activity directly into its detection and response processes, including monitoring newly introduced MCPs and providing contextual analysis for risk assessment.
“As we adopted Claude Enterprise, we wanted to make sure AI usage didn’t become a new blind spot for our security team,” said Mark Strande. “Daylight helped us bring Claude activity into our MDR workflow, giving us visibility into AI-native risks and the context to investigate them.”
The implementation reflects a broader trend among enterprises attempting to integrate AI tools without disrupting security operations or slowing down adoption.
The Future Of MDR Is AI-Aware
Daylight expects AI observability to become a standard requirement across enterprise platforms as generative AI continues to expand. The company anticipates that similar auditability frameworks will emerge across competing systems such as ChatGPT and Gemini, especially as organizations demand consistent monitoring across all AI environments.
As AI platforms evolve, they are also expected to expose richer telemetry, including prompts, tool calls, Skills usage, and agent-based workflows. Daylight plans to extend its detection coverage accordingly, building MDR capabilities that span across the full spectrum of AI-driven activity.
In many ways, this marks a shift in the cybersecurity landscape. AI is no longer just a tool to be protected; it is becoming an active participant in enterprise workflows that must itself be monitored, analyzed, and governed.
For security teams, the challenge ahead is not just adopting new tools, but redefining what it means to secure a system where decisions are increasingly made by machines.
