Daylight is pushing managed detection and response into new territory as enterprises rapidly embed AI systems like Claude Enterprise into core business workflows. With organizations increasingly relying on AI for coding, analysis, and automation, Daylight is positioning its MDR service as a critical layer of security for environments where traditional monitoring tools were never designed to operate.
As AI adoption accelerates, security teams are confronting a new category of blind spots: not just what users are doing, but what AI agents are doing on their behalf. This shift is forcing a rethinking of detection and response, particularly as platforms begin exposing richer telemetry while still leaving interpretation and risk analysis to security teams.
Extending MDR Into Claude Enterprise
Daylight today announced that its MDR service now integrates with Claude Enterprise, making it the first provider to deliver detection and response capabilities for AI-native threats within the platform. The integration uses Claude Enterprise audit logs, including activity from Claude chat, Claude Co-work, and Claude Code, to identify risky or anomalous AI usage across the organization.
This allows Daylight to move beyond passive visibility and into active detection, surfacing behaviors such as unauthorized MCP integrations, newly introduced Skills and Plugins, prompt injection attempts, and unusual AI-driven actions across enterprise systems.
Turning AI Activity Into Security Intelligence
While Claude Enterprise provides audit logs that improve transparency, Daylight’s MDR service translates that data into operational security intelligence. The system correlates AI activity with identity, SaaS, endpoint, cloud, and business context to reconstruct events and determine whether behavior represents real risk.
This investigation layer is critical in AI-native environments where a single prompt can trigger multi-system actions. By mapping AI behavior back to users, systems, and data flows, Daylight helps security teams understand not just what happened, but how deeply it propagated across the organization.
Miro Puts AI Security Into Practice
One of the early adopters of the capability is Miro, an AI-led innovation workspace for team collaboration. As Miro deployed Claude Enterprise across its organization, its security team faced the challenge of enabling AI adoption without creating new blind spots or slowing down usage.
“As we adopted Claude Enterprise, we wanted to make sure AI usage didn’t become a new blind spot for our security team.” Mark Strande, CISO, Miro. “Daylight helped us bring Claude activity into our MDR workflow, giving us visibility into AI-native risks and the context to investigate them.”
The deployment reflects a broader enterprise trend: security teams are no longer treating AI systems as isolated tools, but as integrated participants in business processes that require continuous monitoring.
Redefining MDR for AI-Native Threats
According to Daylight, the integration marks an early step toward redefining how managed detection and response operates in AI-heavy environments. Visibility alone is no longer sufficient; organizations need systems that can interpret AI activity in real time and determine whether it represents legitimate use, misconfiguration, or malicious exploitation.
“AI adoption is moving faster than traditional security monitoring was designed to support,” said Hagai Shapira, co-founder and CEO of Daylight. “Claude Enterprise gives organizations important visibility. Daylight’s MDR service turns that visibility into detection and response.”
The capability is available today via Claude Enterprise’s Compliance API, which exposes audit logs across Claude chat, Claude Co-work, and Claude Code. Daylight’s approach builds on this foundation by adding detection logic and cross-system correlation.
The Road Toward Standardized AI Security Telemetry
As enterprise AI platforms continue to mature, Daylight expects logging and observability standards to evolve in parallel. Future support is expected to expand into richer AI telemetry, including prompts, tool calls, Skills, and agent workflows, especially as ecosystems adopt standards similar to OpenTelemetry.
Looking ahead, Daylight anticipates that auditability and security integration will become baseline requirements across enterprise AI platforms, including ChatGPT and Gemini, as organizations demand consistent MDR coverage across all AI-driven environments.
