Claude Code & Automation for Security Teams

25 min · S5
Module Objective
Claude Code and Cowork are agentic surfaces — they do not just answer questions, they execute tasks. For security teams, this means automating recurring operations: inbox rule audits, detection rule deployment, log processing, scheduled reporting, and infrastructure-as-code management. But agentic AI in a security context carries distinct risk: a script that disables the wrong accounts or a detection rule with a logic error can create the incident you are trying to prevent. This module teaches the workflows and the discipline.
Deliverable: Working knowledge of Claude Code for security scripting, Cowork for delegated security tasks, scheduled automation for recurring operations, and the generate → review → test → deploy discipline that prevents AI-generated automation from causing harm.
SAFE SECURITY AUTOMATION: GENERATE → REVIEW → TEST → DEPLOY
GENERATE: Claude writes the script
REVIEW: Analyst reads every line
TEST: Lab / dev tenant first
DEPLOY + MONITOR: Production with observation
Never deploy AI-generated security automation directly to production. Always: generate → review → test → deploy.

Claude Code for security scripting

Claude Code (F1) is a terminal-native agentic tool that reads your codebase, writes files, executes commands, and manages git workflows. For security teams, this means generating and maintaining PowerShell scripts, Python automation, KQL detection rules in version-controlled repositories, and infrastructure configuration files.

The difference between using Claude.ai for code generation and using Claude Code is agency. In Claude.ai, Claude generates a script as text in a conversation — you copy it, save it, and run it manually. In Claude Code, Claude writes the script directly to your filesystem, runs it in a test environment, checks the output, fixes errors, and commits the result to git. The workflow is closer to delegating a coding task to a junior developer than to asking a chatbot to write code.

For a security-specific use case: you tell Claude Code “audit all inbox rules across the tenant using the Microsoft Graph API, flag any rules that forward to external addresses or contain financial keywords, and output a report as a CSV.” Claude Code plans the implementation, writes the PowerShell script using the Graph PowerShell SDK, handles authentication and pagination, creates the CSV output, and runs a test. You review the script, verify the output, and approve the commit.


Cowork for delegated security tasks

Cowork (F1) executes multi-step tasks autonomously on your desktop. For security teams, Cowork handles tasks that are important but do not require real-time analyst attention: organizing evidence folders from an investigation (renaming, categorizing, and structuring files according to your case folder template), processing KAPE output files (reading multiple CSVs and producing a unified summary), compiling a weekly security metrics report from multiple data sources, and formatting investigation notes into the IR report template.

You describe the outcome, share the relevant folder, and check back when Cowork is done. The output is delivered directly to your filesystem — not as a conversation response but as actual files you can open, review, and use.

Computer Use extends Cowork’s reach to applications that do not have APIs. Claude can control your mouse and keyboard to navigate web portals, fill in forms, export data from dashboards, and automate browser-based workflows in security tools. For security teams, this means automating tasks in portals that only have a GUI — exporting reports from tools that lack an API, navigating compliance platforms to submit documentation, or extracting data from legacy security tools.


Scheduled automation

Both Claude Code and Cowork support scheduled tasks — automation that runs on a recurring basis without manual prompting.

Security-relevant scheduled tasks include: a weekly inbox rule audit that checks all tenant mailboxes for suspicious forwarding rules and sends a summary to the SOC channel, a Monday morning PR review that checks your detection rule repository for pending changes, a monthly compliance report that compiles metrics from multiple sources and formats them into your board report template, a daily sign-in anomaly check that runs a predefined KQL query and flags any results for analyst review, and a weekly dependency audit on your security tooling repository that checks for outdated packages with known vulnerabilities.

Scheduled tasks in Claude Code run while your machine is connected. They execute the defined workflow at the specified interval, save the output to the designated location, and can be configured to notify you (via Slack Connector or email) when results require attention.

Worked artifact — scheduled security audit task:

# Claude Code scheduled task definition
# Run weekly: Monday 07:00
# Task: Audit tenant inbox rules for financial keyword forwarding

Description: Connect to Microsoft Graph, enumerate all inbox
rules across the tenant, flag any rule that forwards to an
external address or contains keywords (invoice, payment, wire,
bank, transfer, remittance). Output a CSV report to
/reports/weekly-inbox-audit/. If any rules are flagged,
send a summary to the #soc-alerts Slack channel.

Requirements:
- Use Microsoft Graph PowerShell SDK
- Authenticate using the service principal in .env
- Include: mailbox, rule name, conditions, forward address
- Compare forward addresses against the corporate domain list
- Save CSV with timestamp: inbox-audit-YYYY-MM-DD.csv
- Slack notification only if flagged rules found

This task definition is what you provide to Claude Code when setting up the scheduled task. Claude Code implements the script, tests it, and schedules the execution. You review the script before approving the schedule.
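
When you review the generated script, the flagging step is the part to read most carefully. The block below is an added example, not part of the course material or output from Claude Code: it sketches that step in Python rather than the PowerShell the task specifies, over constructed data shaped like Microsoft Graph messageRule resources. The function names, sample mailboxes and the contoso.example domain are assumptions, as is the choice to treat subdomains of a corporate domain as internal.

```python
KEYWORDS = ("invoice", "payment", "wire", "bank", "transfer", "remittance")
FORWARD_ACTIONS = ("forwardTo", "forwardAsAttachmentTo", "redirectTo")
KEYWORD_CONDITIONS = ("subjectContains", "bodyContains", "bodyOrSubjectContains")

def is_external(address, corporate_domains):
    """External unless the domain is a corporate domain or a subdomain of one."""
    domain = address.rpartition("@")[2].strip().lower()
    # Compare whole labels: "evil-contoso.example" must not pass as "contoso.example".
    return not any(domain == d or domain.endswith("." + d) for d in corporate_domains)

def audit_rules(rules_by_mailbox, corporate_domains):
    """Return one row per flagged rule, with the columns the task definition lists."""
    domains = {d.lower() for d in corporate_domains}
    rows = []
    for mailbox, rules in rules_by_mailbox.items():
        for rule in rules:
            actions = rule.get("actions") or {}
            conditions = rule.get("conditions") or {}
            targets = [r["emailAddress"]["address"]
                       for key in FORWARD_ACTIONS for r in actions.get(key) or []]
            external = [t for t in targets if is_external(t, domains)]
            terms = [t for key in KEYWORD_CONDITIONS for t in conditions.get(key) or []]
            hits = [t for t in terms if any(k in t.lower() for k in KEYWORDS)]
            reasons = [name for name, found in (("external_forward", external),
                                                ("financial_keyword", hits)) if found]
            if reasons:
                rows.append({"mailbox": mailbox,
                             "rule_name": rule.get("displayName", ""),
                             "conditions": "; ".join(terms),
                             "forward_address": "; ".join(targets),
                             "reason": "+".join(reasons)})
    return rows

# Constructed sample data (not real mailboxes or rules).
SAMPLE = {
    "alice@contoso.example": [
        {"displayName": "Archive", "conditions": {"subjectContains": ["Invoice"]},
         "actions": {"forwardTo": [{"emailAddress": {"address": "x@evil-contoso.example"}}]}},
        {"displayName": "Team", "conditions": {"subjectContains": ["standup"]},
         "actions": {"redirectTo": [{"emailAddress": {"address": "b@mail.contoso.example"}}]}},
    ],
}
ROWS = audit_rules(SAMPLE, ["contoso.example"])
```

The look-alike domain and the mixed-case keyword are the two cases worth checking in any generated version of this logic, because a naive suffix or case-sensitive match misses both.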


The human-in-the-loop requirement

Agentic AI in security operations requires a clear boundary between what Claude can do autonomously and what requires human approval.

Claude can generate autonomously: scripts, queries, reports, documentation, analysis, and file organization. These produce output that the analyst reviews before action.

Claude must not execute autonomously: account disabling, token revocation, firewall rule changes, email purges, device isolation, or any containment action that affects production systems. These are destructive actions that require human judgment about business impact, timing, and scope.

The boundary is simple: Claude can create and recommend. Claude must not execute destructive actions without explicit human approval. When setting up Claude Code or Cowork for security tasks, configure the tool permissions to restrict write access to approved directories and block execution of commands that modify production infrastructure.
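
One way to express that boundary as a pre-execution check, shown as an added example rather than Claude Code's or Cowork's own permission mechanism: writes are confined to approved directories after path resolution, and any command that is not clearly read-only waits for a named approver. The request format, function names and read-only verb list are assumptions made for this sketch.

```python
import os
import re

# Assumption: PowerShell verbs this sketch treats as read-only; all others need approval.
READ_ONLY_VERBS = {"get", "test", "measure", "select", "where", "sort"}

def write_allowed(path, approved_dirs):
    """True only if the fully resolved path sits inside an approved directory."""
    real = os.path.realpath(path)  # collapses ../ and follows symlinks
    roots = [os.path.realpath(d) for d in approved_dirs]
    return any(os.path.commonpath([real, root]) == root for root in roots)

def is_read_only(command):
    """True only if every pipeline stage is a Verb-Noun cmdlet with a read-only verb."""
    if re.search(r"[(){}&`$]", command):  # subexpressions, script blocks, call operator
        return False  # too complex to classify, so fail closed
    stages = [s.strip() for s in re.split(r"[|;]", command)]
    verbs = [re.match(r"([A-Za-z]+)-[A-Za-z]+", s) for s in stages]
    return all(m and m.group(1).lower() in READ_ONLY_VERBS for m in verbs)

def decide(request, approved_dirs, approved_by=None):
    """Return 'allow', 'needs_approval' or 'deny' for one proposed agent action."""
    if request["kind"] == "write":
        # Approval never widens the write boundary.
        return "allow" if write_allowed(request["path"], approved_dirs) else "deny"
    if request["kind"] == "command":
        if is_read_only(request["command"]) or approved_by:
            return "allow"
        return "needs_approval"
    return "deny"

# Constructed sample requests (the user id is a placeholder).
APPROVED = ["/reports/weekly-inbox-audit"]
REQUESTS = [
    {"kind": "write", "path": "/reports/weekly-inbox-audit/inbox-audit-2025-01-06.csv"},
    {"kind": "write", "path": "/reports/weekly-inbox-audit/../../etc/cron.d/job"},
    {"kind": "command", "command": "Get-MgUser -All | Select-Object DisplayName"},
    {"kind": "command", "command": "Revoke-MgUserSignInSession -UserId user@contoso.example"},
]
DECISIONS = [decide(r, APPROVED) for r in REQUESTS]
```

The check is an allowlist: anything it cannot classify, including a read-only cmdlet wrapping a nested call, falls through to `needs_approval` instead of running.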


MCP integration for security tools

MCP Connectors (F1, F2) extend Claude’s reach to external systems. For security teams, custom MCP servers can connect Claude to proprietary security tools — your SIEM, your ticketing system, your threat intelligence platform, your CMDB.

The built-in Connectors (Gmail, Slack, GitHub, Google Drive) cover many security workflows out of the box. For organizational tools that lack built-in Connectors, custom MCP servers bridge the gap. Building a custom MCP server requires development effort, but the result is a Claude that can query your SIEM data, create tickets in your incident management system, and pull enrichment from your threat intelligence platform — all within the conversation.

Compliance Myth
"AI-generated scripts are too risky to use in production security operations."
Production reality: The risk is not in the generation method — it is in the deployment process. A Claude-generated PowerShell script that has been reviewed line by line, tested in a lab environment, and deployed with monitoring is exactly as safe as a manually written script that went through the same process. A manually written script that was deployed without review is riskier than a Claude-generated script that was reviewed. The generate → review → test → deploy discipline makes AI-generated automation safe. Skipping any step — regardless of who wrote the code — is what introduces risk.

Try it: Generate and review a security script

If you have Claude Code installed, navigate to a test directory and ask Claude Code to write a PowerShell script that lists all conditional access policies in your Entra ID tenant using the Microsoft Graph PowerShell SDK, including the policy name, state (enabled/disabled/report-only), and target users/groups. Review the generated script line by line: does it use the correct Graph cmdlets? Does it handle authentication properly? Does it include error handling? Run it in your dev tenant. This exercise practices the generate → review → test workflow with a read-only script that carries no production risk.


Knowledge checks

Check your understanding

1. What is the key difference between generating code in Claude.ai versus using Claude Code?

Agency. In Claude.ai, Claude generates code as text in a conversation — you copy, save, and run it manually. In Claude Code, Claude writes files directly to your filesystem, executes commands, runs tests, checks output, fixes errors, and commits to git. Claude Code acts on the codebase rather than just describing what code should look like.
Claude Code uses a better model
There is no meaningful difference

2. You want to automate a weekly inbox rule audit that flags suspicious forwarding rules and notifies the SOC team. Which Claude surface and capability should you use?

Claude Code with a scheduled task. Claude Code writes the PowerShell audit script, tests it, and schedules it to run weekly. The scheduled task executes automatically, generates the report, and uses the Slack Connector to notify the SOC channel if suspicious rules are found. The analyst reviews the script before approving the schedule.
Claude.ai — ask for the script each week
Cowork — delegate the weekly task

3. Claude Code generates a containment script that disables a compromised user account and revokes their sessions. Should you configure this to run autonomously?

No. Destructive actions that affect production systems — account disabling, token revocation, device isolation — must require human approval. Claude can generate the containment script and recommend when to execute it. But the execution decision must be made by the analyst, who can assess the business impact (is this user in a critical meeting?), the timing (is this during a change freeze?), and the scope (are we sure this is the right account?). Generate and recommend: autonomous. Execute destructive actions: human approval required.
Yes — faster containment reduces attacker dwell time
Only if the detection rule confidence is High

Key takeaways

Claude Code acts, Claude.ai describes. Use Claude Code for security scripting that needs to be written, tested, and maintained in a repository.

Cowork handles delegated tasks. Evidence organization, report compilation, data processing — describe the outcome and check back when done.

Scheduled tasks automate recurring operations. Weekly audits, daily checks, monthly reports — configured once, run automatically.

Generate → review → test → deploy is non-negotiable. The discipline applies to every piece of AI-generated automation, regardless of the surface.

Destructive actions require human approval. Claude generates and recommends containment. Humans approve and execute.