I love efficiency. Any task or workflow I run more than once, I turn into a script, a skill, an agent or a combination of them. It is converted into a repeatable and reusable set of instructions, depending on what it needs, while balancing the use of agentic AI/LLMs vs. good old scripting (why burn tokens when you can just run a script).

I rarely download skills, but build them myself, because no one understands my context and business needs better than me. Python is my favourite scripting tool (it used to be PowerShell on Mac, since I did a lot of hacking with PowerShell popping proprietary products). Now, there is nothing that beats Claude for most of my business and work. OpenClaw is still restricted to non-enterprise, non-sensitive work. On the UX side my absolute favourite tool used to be Notion. But since agentic AI became a regular part of my work, it’s now Claude Cowork integrated with Notion.

Recently, a tech manager asked me for my best practices for using Claude Cowork securely within an enterprise context.

The integration of Claude in general into business has been massive. Claude Cowork is available for enterprise, and it’s being integrated immensely into enterprise workflows, including into MS apps, Google apps and more. I know others who have been integrating it with tools like Microsoft, Google Drive, etc. within their enterprise, but without paying any attention to the security aspect of it. A lot of the time as shadow AI.

So, I decided to share my experiences and how I secure my AI agents.

This one’s for you (you know who you are) and for anyone who wants to use the power of Claude Cowork within your organisation safely, securely and without needing to click “Allow” every two minutes. Even though this uses Claude Cowork as the primary example, all of these principles are valid for any agentic AI tool you may be using.

Welcome to The Predictability Factor by Monica Talks Cyber, a weekly deep dive and POV at the intersection of AI, Security, Privacy and Tech, written by a hacker and CISO, to help you Go From Chaos to Resilience in The World of AI. If you haven’t already, do me a favour, hit subscribe and help me make an even bigger impact.

Malicious skills are everywhere. Most of the skills and agents I use in business or for work, I have built and secured myself. It reduces the risk from the recent attacks we have been seeing across the supply chain. I’m not saying you should never use external skills, but if you can build, build.

Here are my top and most important security best practices that matter for AI agents you are deploying in your enterprise. Let’s dig in.


P.S. If you haven’t already, do me a favour: subscribe to help make an even bigger impact. Feel free to follow on YouTube, LinkedIn, Spotify and Apple. It truly helps. Or book a 1-1 advisory call if I can help you.
