Secure
Claude Code across your fleet.
Claude Code runs shell commands, edits files, and calls MCP servers with your developers' permissions. Guardbase sees how it's configured, catches the risky setups, and checks every action before it runs.
The Claude Code setups that go wrong.
Claude Code runs with your developer's permissions, so its configuration decides what it can reach. These are the settings, often changed to remove friction, that quietly widen that reach. Detection for them is on our roadmap.
Permission prompts turned off
defaultMode set to bypassPermissions, or broad rules added to permissions.allow. Every action runs without a check.
Sandbox weakened or escaped
sandbox.enabled off, allowUnsandboxedCommands on, or a wide excludedCommands list. Commands like docker then reach the whole host.
Unreviewed MCP servers
Servers added in user or project scope that nobody vetted. STDIO servers run as unsandboxed children of the agent, outside the bash sandbox entirely.
Poisoned memory files
CLAUDE.md and memory files load every session. Instructions planted there run as if they came from the user, on every run after.
Detection turned off
OTEL environment variables stripped from settings.json. The primary signal for everything above goes dark from the next session.
Skills from anywhere
Skills install from arbitrary paths and load instructions the agent will follow. Nobody reviews what they contain.
See exactly how Claude Code gets abused.
45 techniques across 12 tactics, from indirect prompt injection to credential theft to destructive git operations. Each with detection signals and the managed-settings control that stops it.
See the config, control the actions, keep it that way.
See the configuration
Guardbase reads Claude Code's settings, permission rules, hooks, MCP servers, and skills across every laptop, and flags the misconfigurations above.
Check every action
Native hooks route every tool call through Guardbase before it runs. Allow, block, redact, or ask the user, based on identity, context, and risk.
Controls developers can't remove
Enforced through Claude Code managed settings, which take precedence over user, project, and local settings and cannot be overridden.
Native hooks, no changes to the agent.
Claude Code can call out to a hook on each event: before a tool runs, after it runs, and when a prompt is submitted. Guardbase registers on all of them, so every command, file edit, MCP call, and prompt routes through your policy. Deployed through managed settings, the hooks can't be removed by the developer.
Bring Claude Code under control.
See discovery, runtime control, and the gateway running against a setup like yours.
Common questions.
Claude Code is safe to adopt when it's governed. A default install is reasonable, but it runs shell commands, edits files, and calls MCP servers with a developer's full permissions, and its configuration can widen that reach. Guardbase inventories how it's configured across your fleet and controls every action at runtime.
No. Guardbase hooks into Claude Code through its native hook system and managed settings. Developers keep their workflow; the controls run underneath it.
No. The hooks are enforced through Claude Code's managed settings, which take precedence over user, project, and local settings and can't be overridden on a managed device.
Yes. Guardbase inventories both local and remote MCP servers, and can route them through a governed gateway that checks tool descriptions and requests at runtime.
Claude Code today, with Cursor, Codex, Gemini CLI, OpenCode, and Amp on the same footprint. Policies are enforced identically across all of them.
See Claude Code under control.
Book a demo and watch a risky Claude Code action get stopped before it runs.