What It Took to Actually Govern Claude Code Across Our Engineering Team
TL;DR

Claude Code's attack surface is bigger than most teams realize - two CVEs in early 2026 showed that cloning a repo is enough to get your API keys stolen or run arbitrary code on a developer's machine.

The four gaps we found: unmanaged API keys, no centralized traffic visibility, no filesystem controls, and MCP servers running completely ungoverned.

Fixing all four required more than just patching - it needed a different mental model for how a terminal-based AI tool should be treated.

A few...