TL;DR
Daylight is extending managed detection and response into Claude Enterprise, turning AI activity telemetry into actionable security investigations. The move signals a broader shift toward treating enterprise AI platforms as critical infrastructure requiring continuous monitoring.
As enterprises race to embed generative AI into daily operations, security teams are confronting a new category of threats that traditional monitoring systems were never designed to handle. From AI-powered workflow automation to code generation and document analysis, enterprise AI platforms are rapidly becoming operational infrastructure. But with that shift comes a growing concern: organizations often lack visibility into how AI systems are being used, what data they access, and whether those interactions introduce security exposure.
That challenge is driving a new market for AI-native security monitoring. This week, Daylight announced that it is extending its managed detection and response (MDR) service into Claude Enterprise, allowing organizations to detect and investigate AI-native threats tied to enterprise AI usage.
The move positions Daylight among the first MDR providers focused specifically on monitoring risks emerging from enterprise AI environments rather than solely from traditional SaaS, cloud, or endpoint infrastructure.
The rise of AI-native threats
AI adoption across enterprises has accelerated dramatically over the past year. Organizations are increasingly using tools like Claude Enterprise for summarizing internal documents, generating software code, automating repetitive workflows, and connecting AI systems to broader business applications.
But as AI becomes embedded into everyday work, security teams are discovering new blind spots.
According to Daylight, risks now extend beyond conventional cybersecurity concerns into areas unique to AI ecosystems. These include unauthorized or risky MCPs (Model Context Protocol integrations), malicious prompt injection attempts, unsafe plugins and Skills, suspicious file interactions, and unusual AI-driven behavior patterns.
Claude Enterprise has begun exposing more activity telemetry through audit logs and compliance-focused APIs, giving organizations deeper visibility into how employees interact with the platform. However, raw telemetry alone does not necessarily help security teams determine whether a specific activity represents a real threat.
That gap is where Daylight says its MDR platform fits in.
“AI adoption is moving faster than traditional security monitoring was designed to support,” said Hagai Shapira, co-founder and CEO of Daylight. “Claude Enterprise gives organizations important visibility. Daylight's MDR service turns that visibility into detection and response.”
Turning AI activity into security investigations
When a potentially risky activity is identified, Daylight correlates AI usage with broader identity, SaaS, cloud, endpoint, and operational context. The goal is to help organizations determine not only what happened, but also who initiated the activity, what systems or data were involved, and whether the event represents meaningful business risk.
This broader contextual approach reflects a growing realization in cybersecurity that AI systems cannot be monitored in isolation. AI activity increasingly intersects with sensitive business workflows, internal repositories, developer environments, and third-party integrations.
Industry observers expect this category of AI observability and AI detection tooling to expand rapidly as enterprises move from limited experimentation to large-scale deployment of generative AI platforms.
AI security moves toward standardization
Daylight says the current integration is only the beginning of broader AI security coverage. The company plans to expand visibility into additional AI telemetry sources, including prompts, tool calls, Skills, and agent workflows as enterprise AI platforms expose more logging capabilities and OpenTelemetry support.
The company also expects similar auditability standards to emerge across competing enterprise AI ecosystems.
That evolution could reshape how security operations centers monitor enterprise environments in the coming years. Historically, security monitoring focused on endpoints, identities, networks, and cloud infrastructure. Increasingly, however, AI systems themselves may become another critical layer requiring continuous detection and response coverage.
For enterprises rapidly operationalizing generative AI, that shift may soon become less optional and more foundational.