Abstract editorial illustration of an AI coding agent on a developer endpoint behind a compliance shield, navy and teal, no humans, no readable text, full-bleed.

Radware adds Claude Code protection and agent compliance reports

AIntelligenceHub
··5 min read

Radware extends Agentic AI Protection to cover Anthropic's Claude Code on developer endpoints, with audit-ready reports mapped to ISO 42001, the EU AI Act, and the NIST AI Risk Management Framework.

Radware has extended its Agentic AI Protection product to cover Anthropic's Claude Code, packaging monitoring and governance as audit-ready reports mapped to ISO 42001, the EU AI Act, and the NIST AI Risk Management Framework. The expansion lands as enterprise security teams are asked to show, on paper, how AI agents in production are tracked, contained, and governed, and as coding assistants move from a developer productivity story into an identity and access story.

What Radware added on July 7

The July 7 update adds three layers to Agentic AI Protection that, taken together, are designed to close the gap between "we have agents in production" and "we can prove what those agents are doing." The first layer is a set of monitoring and mapping features that chart agent activity, interactions, and dependencies, so security teams can finally see which applications and services each agent talks to. Until now, agent deployment has often outrun the observability layer underneath it, and security teams have ended up running blind in environments where the agent is the actual user. The second layer is audit-ready reporting aligned to the three standards regulators and auditors cite when they ask enterprises to defend their AI controls. The third, and the most distinctive, is support for developer-hosted agents: coding assistants such as Claude Code that run on a developer endpoint rather than inside a SaaS control plane Radware already monitors. Radware positions Agentic AI Protection as a single product that pairs visibility, governance, and compliance reporting with real-time behavioral defense. The company, better known for application and network security and for distributed denial-of-service mitigation, has been pushing further into AI security as enterprises look to lock down the agents they are deploying. The release also lands in a market that has been filling in fast, with vendors such as Snyk and Microsoft both shipping their own governance layers for AI coding agents in the past two weeks.

Mapping agent controls to ISO 42001 and the EU AI Act

The audit-ready reports are the part of the release that lines up most directly with the policy environment enterprise CISOs are now operating in. ISO 42001, the EU AI Act, and the NIST AI Risk Management Framework are the three documents regulators, customers, and outside auditors reach for when they ask an enterprise to demonstrate AI governance. Radware's reports are designed to give security and compliance teams a paper trail showing how agents are tracked, what data they touch, and how the risks tied to agent-driven work are contained. That paper trail is what most enterprises still cannot produce, and it is the most common reason a board-level AI policy stalls before it becomes a control. The mapping work is also the right answer to a question European CISOs are now getting from data protection authorities: "Show me, in our own logs, where your agents were last week and what they did." Without that paper trail, the answer is usually a guess, and the guess is no longer good enough under the EU AI Act's general-purpose AI obligations. The Radware release does not solve that problem by itself, but it puts a defensible structure underneath the controls enterprise security teams are already trying to run. The reports are designed for the same audience that uses the broader enterprise AI governance stack documented in the Enterprise AI Governance Checklist for 2026, which sets out the controls a security organization needs before an agent can touch a production system. Radware's contribution is the agent-level evidence layer those controls have been missing, and the gap between "we have a policy" and "we can prove the policy is being enforced" is the gap Radware is targeting with this release. The mapping also gives general counsel a single document to point to when an EU regulator asks how the company is operationalizing Article 9 of the AI Act, which is the risk-management obligation that has been the hardest for enterprises to operationalize in practice (the SiliconANGLE writeup of the announcement carries the CTO quote in full).

Closing the developer-host endpoint gap

The Claude Code protection is the more novel addition, because most agent security tooling today assumes agents live inside a SaaS environment the vendor already sees. Claude Code runs on the developer's laptop, with the model context, file access, and tool calls happening outside any central visibility layer. The session is initiated by the developer, the model runs in the Anthropic cloud, and the agent calls tools that are local to the machine: shell commands, file reads, git operations, and any MCP servers the developer has registered. None of that activity is visible to the central security stack by default, which means an agent on a developer's laptop can read a credential, write to a sensitive file, or invoke a tool that touches a production database without leaving a trace in the SIEM. Radware's update extends monitoring to those conversations, governs which tools the agent can call, and watches sensitive data on the local machine. The extension is also a competitive answer to a growing category of coding-agent governance offerings, and it lines up alongside broader platform-level work such as Microsoft's effort to bring the operating system itself into the agent security stack. "Organizations are deploying AI agents across increasingly complex environments, creating new requirements for visibility, governance and security," said David Aviv, Radware's chief technology officer, in the announcement. "These enhancements help organizations better understand agent behavior, support their compliance efforts and help extend protection to AI agents operating across both SaaS and local developer-hosted environments." The full release is available now as part of the Agentic AI Protection product, and the new capabilities apply to customers using both SaaS-based and locally hosted agents. For enterprises that already have agent guardrails in their SaaS environment, the developer-host extension is the part of the story that has been hardest to write down, and it is the part auditors are most likely to ask about next quarter. Auditors are most likely to ask about next quarter, and the article on SiliconANGLE this morning carries the CTO quote in full.

Weekly newsletter

Get a weekly summary of our most popular articles

Every week we send one email with a summary of the most popular articles on AIntelligenceHub so you can stay up-to-date on the latest AI trends and topics.

One weekly email. No sponsored sends. Unsubscribe when you want.

Comments

Every comment is reviewed before it appears on the site.

Comments stay pending until review. Posts with more than two links are held back.

Related articles