Dor Renert

Over the past few months, we have spoken with many security and IT leaders who are in the same position: their organizations are deploying Claude broadly across teams, but they have no idea who actually has access to it, what level of privilege those users hold, or what's happening with the API keys their developers have created. They're governing other application in their stack with rigor, but treating Claude as an exception.

That disconnect has always bothered us. Not only because Claude is unique, but because the same identity logic that protects every other application should apply here as well.

When Anthropic launched the Claude Compliance API, we ceased that opportunity. We're genuinely proud to be one of the integration partners building on it. Anthropic is setting the bar for what responsible enterprise AI deployment looks like, and the Compliance API is a direct expression of that: giving security and IT teams the programmatic access they need to govern Claude the same way they govern everything else that matters. Building on that foundation is something we are excited about.

Here's what we built.

The Linx x Anthropic Integration in Action

Setting it up is simple. Follow the step-by-step integration guide and connect in just 60 seconds. Linx begins pulling data automatically.

Once connected, Claude shows up in Linx as a fully governed application, the same way Salesforce, Okta, GitHub, or any other app in your estate does. From that point forward, everything Linx does for your other applications, it now does for Claude.

What You Can See and Do

Account, Role, and Permission Visibility

The first thing security teams want to know is: who has access, and what can they do? With this integration, Linx gives you a complete view of every account provisioned in Claude, the roles assigned to each user, and the groups they belong to.

You can easily surface administrative roles and identify who holds elevated privileges, and drill into the specific permissions attached to each role. For compliance and least-privilege reviews, this alone is a significant step forward.

AI-Powered Access Certifications

The AI-powered access certifications take the heavy lifting off identity and compliance teams, meaning faster turnaround, fewer errors, and a smoother process end to end.

The new integration allows you to easily review and certify access in Claude, using Linx’s AI-powered access review campaigns. The campaign surfaces every user and their entitlement type, along with AI context and recommendations on whether that access should be approved or denied, powered by Anthropic's own models.

So, you're combining Linx's identity governance context with Claude's intelligence to make faster, smarter access decisions. The reviewer doesn't have to make every call from scratch. They have a recommendation in front of them and the data to act on it.

For teams running quarterly or annual access reviews, this changes the economics of the process considerably. What used to require manual triage across hundreds of accounts can now move in a fraction of the time.

API Key Visibility

One of the less visible but high-stakes risks in any AI deployment is unmanaged API keys. Developers create them, projects get deprecated, people leave the company, and the keys keep existing. Then something goes wrong.

Linx allows identity teams to closely monitor API keys created within Claude: when it was created, associated metadata, and enough context for a security team to evaluate whether it should still exist.

This is the kind of visibility that used to require a manual audit. Now it's continuous.

Project and Resource Governance

Finally, with this integration Linx provides the tools for real governance over projects and shared resources within Claude, with an access graph for each project that shows exactly how access is provisioned.

You see which roles exist, which users hold them, and how access flows through the system. For organizations with multiple teams working across different Claude projects, this provides the resource-level clarity that broad account views can't.

Why This Matters

Security teams have spent years building strong identity governance programs: access reviews, offboarding workflows, least-privilege enforcement, audit trails. Claude is a critical app, and should be governed as such. With this integration, it is.

What makes this feel right to us as product builders is that we didn't create a separate Claude governance tool. We extended the identity fabric that our customers already rely on. Claude is governed in Linx as part of a whole, not as an exception. This means it benefits from everything Linx already does, and security teams don't have to learn a new workflow or platform to govern it.

We're proud to of this integration and to be shaping the future of AI security and governance. Being part of the ecosystem that makes Claude governable at scale is something the Linx team doesn't take lightly.

If you’re new to Linx, schedule a demo to experience truly unified identity governance.

MCP changed how AI agents interact with enterprise systems. By creating a standardized way for AI platforms to connect to applications, databases, and business tools, it dramatically lowered the barrier between AI and enterprise systems.

It also created a governance gap most organizations are not prepared for.

As AI agents gain access to business-critical applications, security teams have no reliable way to inspect actions, enforce policy, or establish accountability before those actions occur. Existing access controls were built for humans. They were not built for agents operating autonomously at machine speed across multiple systems.

Today, we're introducing Linx AI Access Control, a real-time enforcement layer that gives organizations visibility and control over every action taken through MCP.

Why Your Existing Access Controls Can't See MCP Traffic

Most enterprise access controls were designed around a fairly simple model. A user authenticates, receives permissions, performs actions within an application, and those actions are captured in logs that security teams can review later. The process is familiar, and while it isn't perfect, it creates a chain of accountability.

MCP changes that model.

When an AI agent receives a request, it doesn't operate inside a single application. It can invoke multiple tools across multiple systems, make decisions dynamically, and execute actions in seconds. A single prompt might trigger activity across Salesforce, Jira, GitHub, Snowflake, and several internal applications before a human ever sees the result.

The challenge is that traditional access controls cannot inspect activity at the point where those decisions are being made. Application logs can tell you that something happened. They cannot reliably tell you which agent initiated the action, which user was behind it, whether the activity aligned with policy, or whether it should have been allowed in the first place.

Without an enforcement layer sitting between the AI platform and the target application, that context simply doesn't exist.

This is quickly becoming one of the biggest barriers to enterprise AI adoption. According to McKinsey's State of AI Trust in 2026 report, nearly two-thirds of organizations cite security and risk concerns as the primary obstacle to scaling agentic AI initiatives.

Consider a simple example. An organization grants an AI agent read access to Salesforce so it can retrieve customer information. Later, that same agent is prompted to perform actions outside its intended purpose. Who evaluates the request? Who determines whether the action complies with policy? Who records what happened?

For most organizations today, the answer is nobody.

Introducing Linx AI Access Control

As we spoke with customers exploring AI adoption, we kept hearing the same concern.

Organizations understood how to govern people. They understood how to govern service accounts and non-human identities. It’s not perfect, and implementation is hard, but the principles are there. What they didn't understand was how to govern agents.

The problem wasn't a lack of visibility into MCP servers. The problem was a lack of visibility into what agents were actually doing once they got there.

That's why we built Linx AI Access Control.

The MCP gateway creates a dedicated enforcement point between AI platforms and the enterprise systems they access. Every MCP tool call passes through that control point before execution, creating a place where requests can be inspected, policy can be evaluated, and activity can be recorded before actions reach downstream systems.

One of the first design decisions we made was to focus on tool-level governance rather than server-level governance. Connecting to an MCP server is one thing. Determining what an agent can actually do once it's connected is something entirely different. Linx allows organizations to define which specific read, write, and administrative tools an agent can invoke, with policies mapped directly to Linx Access Profiles and governed by role, team, department, or persona.

The gateway also performs policy evaluation in real time. Every request is inspected before execution and evaluated against organizational policy. Approved actions proceed. Violations are blocked before they reach the target application. The goal isn't to investigate risky behavior after it occurs. The goal is to prevent it from occurring in the first place.

Just as importantly, every approved and denied action is captured, timestamped, and attributable. Security teams gain a complete record of activity, including the identity behind the request, the tool being invoked, the action attempted, and the outcome. For the first time, organizations have an investigable record of what agents actually did, not simply what downstream systems recorded.

The Unified Identity Context Advantage

Most MCP governance solutions evaluate requests in isolation. They can see the agent making the request, but they lack the broader identity context required to make accurate policy decisions.

That context matters more than most organizations realize.

When a policy decision is made, Linx can evaluate the human behind the request, the non-human identity the agent is operating as, the access profile associated with that activity, and the specific action being attempted. Rather than looking at a single request in isolation, Linx evaluates the entire identity chain behind it.

This is what allows enforcement to be precise rather than blunt. Without that context, organizations are often forced into a familiar tradeoff. Either permissions become so restrictive that productivity suffers, or access becomes so broad that risk increases.

Because AI Access Control is built directly into the Linx identity governance platform, the same access profile logic already used to govern human and non-human identities extends naturally to AI agents. Organizations don't need a separate governance model for agents. They can extend the one they already trust.

Summary

As AI adoption increases rapidly, we believe AI identity governance should not just keep up, but stay ahead.

We view the MCP Gateway as the core foundation of a broader AI governance strategy, providing real-time enforcement of granular, context driven, policy. We believe it must be coupled with comprehensive agent coverage and the full suite of governance capabilities. That is the only way to treat your agents as the first-class identities they are, and the only path to responsible AI acceleration.

That's why we’re so excited about building a unified, humans and agents, governance platform.

If you want to see Linx AI Access Control in action, join us for an in-person demonstration during Identiverse (June 15-17). To see Linx AI Access Control virtually, schedule a demo with our team to see it live.

TL;DR

• Traditional identity governance relies on periodic review cycles, but point-in-time checks detect risks and misconfigurations long after they are introduced. Organizations need to take a new, modern approach to securing identity.
• Current AI-powered identity security systems are not autonomous. They show alerts and generate recommendations but rely on a human trigger before they start taking action.
• Truly autonomous identity security is a fundamental shift, and that’s where Linx Security’s revolutionary new Autopilot AI comes in. Autopilot evaluates access, assesses risk, and either initiates remediation or escalates to a human when oversight is required.

What Are the Limits of Reactive Identity Security?

Reactive identity security and point-in-time checks can’t keep up with the constant change that characterizes modern identity environments, especially at scale. Employees change roles, contractors rotate in and out, and machine identities created to perform a specific task are no longer needed once the task is done.

Periodic review cycles made sense in a world where identity was changing slowly and the blast radius of a compromised account was limited. But today, a single compromised identity can cascade across different cloud environments, SaaS platforms, and CI/CD pipelines in minutes. 

The 2024 Midnight Blizzard breach at Microsoft proves this point. During this attack, threat actors compromised a single test tenant account, then moved laterally to high-value assets like cybersecurity team accounts and even executives’ accounts. 

The difficult truth? Identity is now the quickest path attackers can take to reach critical systems, and reactive security isn’t enough. (Learn more about why identity breaches are preferred by attackers here.)

How Do Identity Risks Emerge Between Reviews?

Identity risk arises from the slow accumulation of misconfigurations and access changes that happen between governance reviews.

Typically, role drift and privilege accumulation are the most common sources of identity risk in any organization. Even though an access grant for a specific engineer might have been legitimate when it was approved, permissions often persist long after a role change makes them irrelevant.

Access entitlements across multiple systems exacerbate this issue, as a single user might have multiple identities and permissions across different cloud providers, SaaS applications, CI/CD platforms, and other tools. 

Risks don’t live in these systems in isolation. Think of a user who has read-only access to a production AWS account but admin access to a CI/CD pipeline that can deploy resources to that account. Human reviewers and review tools that look at systems independently won’t catch this escalation path.

And the problem compounds when time enters the equation. When someone is granted permanent elevated access to address a particular issue instead of JIT admin access, the window between that change and the next governance review becomes especially dangerous. 

For example, a developer might get admin access to a production environment to help troubleshoot an outage. Though the incident is resolved within hours, the elevated permissions persist. 

If an attacker compromises this account, the blast radius can be significant: They’ll have access to all applications, secrets, and workloads that are running in that production environment. Identity solutions that conduct periodic reviews will eventually catch over-privileged access, but there might be months of exposure in the meantime.

Finally, department restructures happen all the time. In fact, with AI adoption, they’re more frequent than ever. These organizational changes shift the access context entirely. For instance, a team that used to need access to a particular environment may no longer exist in the same form. Despite this shift, their permissions usually stay in place until the next review cycle, resulting in over-privileged access on a team-wide scale.

What Is Reactive Tooling? What Is the Alternative?

Many enterprises believe that they’re keeping pace with risks because they’ve invested heavily in Identity Governance and Administration (IGA) platforms and Privileged Access Management (PAM) solutions. But these tools flag risks long after they’ve been introduced. 

Even the newer generation of identity security tools that have AI and machine learning (ML) capabilities still function as analysis engines. They identify issues and give you recommendations on how to solve them, but they don’t act on your behalf. 

Without automated provisioning and deprovisioning tied directly to lifecycle events, permissions drift between review cycles with no option to correct them.

The organizations that are effectively slashing identity risks are those embracing AI identity security automation in 2026: continuous, always-on coverage from autonomous AI that can detect, prioritize, and remediate access issues in real time, with minimal human oversight.

Why Should You Move From AI Assistance to Autonomous Execution?

Most of what the market calls today “AI-powered identity security” is actually AI-assisted security. As we’ve seen, these tools detect anomalies and generate recommendations. They might identify that a particular user has more privileges than most of their peers or that a service account hasn’t been used for a long period of time. These insights are useful, but AI-assisted tools leave a critical gap between identifying an issue and remediating it.

Depending on a human for input isn’t always the wrong move. Yet workflows where humans have to analyze and act on every notification from AI tools keep engineers trapped in a cycle of alerts. After all, human bandwidth will never be able to match the pace at which identity risks are growing.

To free engineers up to innovate and turbocharge remediation speed, autonomous systems handle straightforward fixes and repetitive actions. They determine when human input isn’t required by evaluating context. Then, they decide on an appropriate response and execute the corresponding workflow. 

By leveraging an autonomous security agent, the entire identity security workflow shifts from “send an alert and a recommendation to a human” to “assess the problem, decide what to do about it, and act accordingly.”

Introducing Autopilot

With Linx Security’s Autopilot, teams can now deploy AI agents that work continuously on their behalf: monitoring their identity environments 24/7, detecting meaningful changes as they happen, evaluating risk in context, and taking action in real time whenever there are issues.

What Does Autopilot Offer?

• Speed and Control: Autopilot evaluates access, assesses risk, and either initiates remediation or escalates to a human when oversight is required, solving the speed-control paradox.
• Governed Autonomy: Autonomy demands trust. Autopilot is designed with that in mind, featuring guardrails and intelligent oversight mechanisms that ensure each autonomous action is carefully controlled. 
• Reduced Alert Fatigue: Unlike AI-assisted platforms, Autopilot reduces alert fatigue by looping in humans only when it’s truly necessary.
• Task-Specific Agents: Each Autopilot agent is an expert at a core identity task, such as identification of access drift, profile tuning, and JIT access approvals.
• A Comprehensive Suite of Tools: Autopilot is part of a three-tier AI architecture, alongside AI enhancements that constantly optimize and refine your data and AI Copilot, a personal AI assistant that makes engineers Linx system superusers.

“Security teams don’t need more noise—they need meaningful leverage,” says Niv Goldenberg, Chief Product Officer and Co-Founder at Linx Security. “Autopilot allows organizations to modernize identity security responsibly, combining continuous AI-driven execution with human expertise.”

Conclusion

In a periodic review model, there’s a gap between when identity risks emerge and when governance catches up. Access changes constantly, governance occurs quarterly, and attackers operate within this window.

With autonomous identity security, this gap is closed by autonomous agents that monitor access changes in real time, evaluate them against an organization's in-play policies, and take immediate action to resolve any issues. 

Autonomous identity security is where Linx stands apart.

“Autopilot marks the beginning of a new chapter for Linx,” says Israel Duanis, CEO and Co-Founder of Linx Security. “Our vision is to build a security platform that doesn’t just inform teams—it operates alongside them. The future of identity security isn’t more alerts or more manual reviews. It’s intelligent systems that continuously strengthen posture while keeping humans in control. This launch establishes Linx as a leader in autonomous identity security and sets the foundation for where our platform is headed.”

If you want to see Autopilot in action, join us for an in-person demonstration during the RSA Conference (March 23–26). We’ll also be hosting a live virtual demonstration on April 9th at 11 a.m. ET.

To see Autopilot live virtually, register for our upcoming webinar on April 9th: Autopilot: Closing the Identity Risk Gap with Autonomous AI, or schedule a demo to get a personalized demonstration.