Enterprise security is entering a phase where traditional monitoring boundaries are no longer sufficient. As AI systems move from experimental tools into core business infrastructure, they are generating new types of activity, such as tool calls, autonomous workflows, and plugin interactions, that do not fit neatly into conventional security frameworks.
In response to this shift, Daylight announced that its Managed Detection and Response (MDR) service now integrates with Claude Enterprise, enabling security teams to detect, investigate, and respond to AI-native threats as organizations scale AI adoption across their operations.
AI adoption is reshaping what “activity” means in security
Platforms like Claude Enterprise are increasingly embedded in how teams work. They are used for coding assistance, document analysis, workflow automation, and data summarization, often interacting directly with sensitive internal systems.
As usage expands, security teams are no longer only monitoring human-driven actions. They must also interpret AI-driven behavior that can modify, access, or move data in ways that are not always predictable or transparent.
Claude Enterprise provides organizations with audit logs covering Claude chat, Claude co-work, and Claude Code activity. This represents a significant step forward in visibility, but it also introduces a new challenge: turning raw AI telemetry into meaningful security insight.
From visibility to detection: closing the interpretation gap
Daylight’s integration is designed to address that gap by building detection logic directly on top of Claude Enterprise audit logs. Rather than treating logs as passive records, the MDR platform analyzes them for patterns associated with AI-native risk.
This includes identifying unauthorized or newly introduced MCPs, suspicious Skills or plugins, prompt injection attempts, unusual file access patterns, and anomalous AI-driven behavior that deviates from expected usage baselines.
When such activity is detected, it is automatically escalated into Daylight’s MDR workflow. There, security analysts correlate AI activity with identity data, SaaS usage, endpoint signals, cloud infrastructure, and business context to reconstruct the full scope of an event.
The objective is to move from detection in isolation to investigation with context, answering not just what happened, but how and why it occurred.
“Security teams need action, not just logs”
“AI adoption is moving faster than traditional security monitoring was designed to support,” said Hagai Shapira, co-founder and CEO of Daylight. “Claude Enterprise gives organizations important visibility. Daylight’s MDR service turns that visibility into detection and response.”
The statement reflects a growing consensus in the security industry: visibility into AI systems is becoming widely available, but without structured response mechanisms, that visibility alone does not reduce risk.
Early enterprise use: integrating AI into existing security operations
One of the early adopters of the integration is Miro, which has been deploying Claude Enterprise across internal teams while evolving its security operations model to include AI activity as part of standard MDR workflows.
As adoption scaled, Miro’s security organization focused on ensuring that AI usage did not introduce blind spots into its monitoring environment.
“As we adopted Claude Enterprise, we wanted to make sure AI usage didn’t become a new blind spot for our security team,” said Mark Strande, CISO of Miro. “Daylight helped us bring Claude activity into our MDR workflow, giving us visibility into AI-native risks and the context to investigate them.”
A key application has been tracking newly introduced MCPs and assessing whether they introduce security exposure based on their behavior and system interactions.
AI becomes a first-class security domain
The integration highlights a broader structural change in enterprise security architecture. AI systems are no longer peripheral tools generating auxiliary data; they are active participants in business processes, capable of initiating actions that affect enterprise systems directly.
In this environment, MDR is evolving beyond its traditional role of monitoring infrastructure and endpoints. It is becoming the operational layer responsible for interpreting AI behavior and determining whether it represents normal usage, policy violations, or active threats.
This shift requires security systems to understand not only what users are doing, but also what AI agents are doing on their behalf.
Expanding toward broader AI observability standards
Daylight’s integration with Claude Enterprise is currently available through the platform’s Compliance API, which exposes structured activity data for security use cases. The company expects AI telemetry to expand further as platforms adopt more standardized observability frameworks.
Future capabilities are likely to include deeper visibility into prompts, tool calls, Skills, and agent workflows, particularly as frameworks such as OpenTelemetry become more widely adopted in AI environments.
Daylight also expects similar levels of auditability to emerge across other enterprise AI platforms, including ChatGPT and Gemini, as organizations demand consistent security coverage across their AI ecosystems.
As this happens, AI security is expected to converge with broader security operations, embedding AI behavior directly into the systems responsible for detecting and responding to enterprise threats.