Enterprise AI Security: Why You Need a Layer Between Your Data and Claude
Anthropic’s Claude Cowork launched this month with a prompt injection vulnerability that lets attackers exfiltrate sensitive documents. The response? “Watch for suspicious actions.”
That’s not good enough for enterprise data.
The Problem with Direct File Access
When you give an LLM direct access to your files, you’re trusting it to never be tricked by malicious content. But prompt injection attacks embedded in documents can instruct Claude to exfiltrate other files—and Cowork’s architecture has no interception layer to stop it.
Stache’s Approach: Middleware Control
Instead of giving Claude direct file access, Stache routes everything through a middleware pipeline you control:
At ingest time:
- Block documents containing prompt injection patterns
- Reject confidential/classified content
- Validate and transform before storage
At query time:
- Filter results by user permissions (ACLs)
- Redact PII before Claude sees it
- Catch any injection attempts that slipped through
The key difference: Claude never sees raw files. It sees pre-processed, filtered content that’s passed through your security policies.
Not a Silver Bullet
Pattern-based detection isn’t perfect, and semantic attacks are harder to catch. But the attack surface shrinks from “everything Claude can access” to “only what passes your middleware filters.”
Read More
I wrote a detailed technical post with code examples for the Stache GitHub Discussions:
- Two-layer prompt injection defense (ingest + query time)
- PII redaction middleware
- Namespace ACL enforcement
- Architecture diagrams comparing Cowork vs Stache
The middleware is plugin-based—install a package and it auto-registers. No code changes to Stache required.