Agentic AI is moving fast. Claude Code, Cursor, and similar tools are already embedded in development workflows across your organization: writing code, accessing repositories, making API calls, and interacting with MCP servers. But here’s the problem: most security and IAM teams have zero visibility into what these agents are actually doing.
No audit trails. No attribution. No way to know if an AI agent just leaked a secret or accessed something it shouldn’t have.
This isn’t a hypothetical risk. AI agents operate at machine speed, making dozens of decisions and API calls in seconds. They authenticate to services, pull data from repositories, and interact with external servers, all while your security stack treats them like any other developer tool. The difference?
Traditional developer tools don’t make autonomous decisions. AI agents do.
Enterprise Security for AI Agents & Non-Human Identities
Introducing Agentic Intent Monitoring for Claude Code
We built a Claude Code plugin that gives you real-time visibility into every AI agent session, request, and action. Setup takes minutes via the Claude marketplace, and once installed, Entro automatically logs:
- Every prompt and session tied to human user and non-human identities
- MCP server requests and responses with full context
- Intent classification for each interaction
- Endpoint origins and the identities agents use to take action
The plugin works passively: monitoring tool usage through hooks, capturing remote MCP activity, and sending structured logs to the Entro platform. You get full visibility without disrupting developer workflows.
Here’s what that looks like in practice. When a developer prompts Claude Code CLI to refactor a module, the plugin captures the session, logs the non-human identity being used (like a GitHub Personal Access Token), tracks which MCP servers the agent contacts, and records the full request and response chain. If that agent accesses a secret, uses a non-human identity, or behaves in a way that deviates from normal patterns, you’ll know immediately.
Understanding Intent, Not Just Actions
Logging agent activity and calls is table stakes. The real value is understanding why an agent did something.
Entro enriches every Claude Code session with intent analysis, with an inhouse SLM (small language model) that looks at the full interaction context we log: the prompt, the sequence of tool invocations, and the MCP request/response flow. Instead of treating agent actions as a pile of disconnected events, Entro groups them into a coherent narrative and tags what the agent is trying to achieve.
What are “commands” and “skills” in Claude Code?
When an agentic CLI like Claude Code works, it does not just “think”. It uses tools, often authenticated by NHIs like tokens and service accounts.
- Commands are the specific tool calls Claude executes. In GitHub for example it includes reading files, searching the code repo, listing PR context, and triggering workflows.
- Skills are the repeatable workflows made up of many commands, like in GitHub “refactor a module”, “trace a bug” or “map a repository”.
The same model applies beyond code repos. Different tools and MCP servers expose different actions for the AI agents to use.
Entro captures the users’ prompts across connected tools, correlates them with MCP request/response activity as monitored sessions. That way you can separate normal development activity from sessions that resemble reconnaissance, risky secret handling, or other anomalous behavior that calls for an audit.
Why This Matters for IAM and Security Teams
As agentic AI scales across your organization, you need the same level of observability you have for every other critical system. This plugin delivers that by solving three critical challenges:
Audit trails for agentic AI. See exactly what agents are doing, which MCP servers they’re hitting, and whether they’re exposing secrets or non-human identities in the process. Whether you’re responding to an incident, conducting a security review, or demonstrating compliance, you’ll have the evidence you need.
Complete attribution. Know which local user initiated an action, which identity the agent used, and whether behavior originates from the LLM or the owner. When an AI agent authenticates to a service or makes a privileged API call, you’ll have full context: who authorized it, what identity was used, and whether the action aligns with expected behavior.
Proactive anomaly detection. Catch suspicious activity before it becomes an incident. Intent classification helps you identify deviations from normal patterns in real time. Log everything, trace everything, and focus investigation efforts where they matter most.
Agentic AI Security, Extended
This capability is a natural extension of what Entro already does: secrets management and NHI protection. As AI agents scale across your organization, monitoring their behavior complements managing the identities and credentials they use.
AI agents are part of your broader identity and secrets ecosystem. They use credentials, access sensitive systems, and operate with privileges that need to be managed, monitored, and audited like any other identity in your environment. Entro’s MCP audit capability provides that visibility.
Get Started
Ready to see what your AI agents are doing?
Talk to your Entro rep about expanding visibility across your agentic AI stack or if you don’t have one get started with Entro now!
