Claude looks simple. It isn't. And that gap between perception and reality is exactly where risk lives.
I sat down on the first beautiful Saturday of the year to write a breakdown of Claude's components and how you secure them. It turned into an entire afternoon of reading documentation and testing configurations. Not because the documentation is bad, but because the platform is deep. Features connect to features. Capabilities layer on capabilities. And the more I dug, the wider the attack surface got.
That's a problem if you're the one responsible for securing it.
What was supposed to be a standalone blog turned into a multi-part series. In this first part, we're going to map the terrain. Every product, every feature, every component. So when it comes to securing it in Part 2, you'll actually understand what you're defending.
The goal is for the business to open the throttle on what Claude can do without introducing material risk. It’s the only path forward.
Different Claude Flavors
Claude has different versions and interfaces to interact with. Like everything in AI, it’s an interwoven tangle of capabilities and fancy names.
Claude: What we all so eloquently know as the chat interface. It combines the old-school chat features with extended thinking, research, and web search. It’s accessible in all the ways you would want, including:
Web: Claude through a browser.
Claude Desktop: Claude through a desktop app.
Mobile: Claude through your phone.
Claude Code: the developer’s dream, this is the agentic coding tool that supercharges every developer and vibe coder (myself included).
Claude Cowork: integrates the agentic powers of Claude Code into Claude Desktop. Think of this as supercharging the general population. No longer do you have to be a developer to get the benefits of Claude Code.
Claude in Chrome: a browser extension that allows Claude to interact with websites autonomously, or as your companion. This works jointly with Claude Code and Claude Cowork.
Claude Toppings
Now that we have a sense of the products, let’s dig into the features that make Claude so powerful.
Artifacts: Think prototypes, whether it be code, documents, images, or even AI-powered apps. These can be shared with others.
Projects: These are self-contained workspaces with their own knowledge bases, such as documents, text, or code. These allow you to give specific context in the form of documents. The power here is in the ability to use or share these with static background knowledge.
Connectors: a new way of saying MCP server, packaged so that it is very easy to share and deploy. They come in two flavors:
Web: Remote MCP servers that are hosted and run on third-party applications. These essentially act as a bridge between Claude and your cloud-based tools, like Google Mail.
Desktop Extensions: Local MCP servers built and distributed as an MCP Bundle (.mcpb). An MCPB is a zip archive that contains a local MCP server and a manifest file that describes everything that Claude Desktop needs to know to run it (e.g. description, MCP configuration, commands, etc.). These run locally on your endpoint and give Claude access to your local files, applications, and system resources.
Skills: Instant level-ups for Claude in the form of procedural knowledge. These combine instructions, code, and resources (e.g. documents) that improve how Claude executes specific tasks. They all follow the same format, but they can come from different sources:
Anthropic: Built-in skills available to everyone.
Custom: Users can create their own skills specific to their workflows or tasks.
Organization: Skills that can be delivered to your entire organization.
Partner: Built by specific companies, like Notion and Figma. These can be standalone or commingled with web connectors.
Plugins: Packages of skills, connectors, and sub-agents that can be distributed across your organization.
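Since a Desktop Extension is a zip archive with a manifest, you can read what it will launch before anyone installs it. The sketch below is an added example, not Anthropic's tooling: it assumes the manifest is `manifest.json` at the archive root with `server.entry_point` and `server.mcp_config` (`command`, `args`, `env`) fields, and the sample bundle is constructed for the demo.

```python
import io
import json
import zipfile

def summarize_bundle(data: bytes) -> dict:
    """Report what a .mcpb bundle would launch, plus findings worth a review."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        for n in names:
            # Entries that point outside the extraction directory are never legitimate.
            if n.startswith(("/", "\\")) or ".." in n.replace("\\", "/").split("/"):
                findings.append(f"suspicious path: {n}")
        if "manifest.json" not in names:
            findings.append("no manifest.json at archive root")
            return {"name": None, "launch": None, "files": names, "findings": findings}
        manifest = json.loads(zf.read("manifest.json"))
    # Field names below are assumptions about the manifest layout; verify against the spec.
    server = manifest.get("server") or {}
    cfg = server.get("mcp_config") or {}
    if cfg.get("command") is None:
        findings.append("manifest declares no launch command")
    entry = server.get("entry_point")
    if entry and entry not in names:
        findings.append(f"entry_point not in archive: {entry}")
    if cfg.get("env"):
        findings.append("sets environment variables: " + ", ".join(sorted(cfg["env"])))
    return {"name": manifest.get("name"), "version": manifest.get("version"),
            "launch": [cfg.get("command"), *(cfg.get("args") or [])],
            "files": names, "findings": findings}

def build_sample_bundle(with_manifest: bool = True) -> bytes:
    """Constructed sample bundle so the example runs offline."""
    manifest = {
        "name": "example-files", "version": "0.1.0",
        "description": "Constructed demo extension",
        "server": {"type": "node", "entry_point": "server/index.js",
                   "mcp_config": {"command": "node", "args": ["server/index.js"],
                                  "env": {"EXAMPLE_TOKEN": "constructed-value"}}},
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if with_manifest:
            zf.writestr("manifest.json", json.dumps(manifest))
        zf.writestr("server/index.js", "// placeholder server code\n")
    return buf.getvalue()

if __name__ == "__main__":
    print(json.dumps(summarize_bundle(build_sample_bundle()), indent=2))
```

Point it at the bytes of any `.mcpb` file you find on an endpoint to get the launch command and file list into your inventory.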
Why This Matters
All of these components combine to create an incredibly powerful tool. Your workforce can automate the mundane and supercharge the creative. That's the pitch, and it's real.
For the security-minded folks here, you can see some trouble areas. Every feature is a doorway to greater connectivity. Connectors bridge to your SaaS apps and data. Desktop Extensions touch your local file system. Skills shape (or manipulate) agent behavior. Plugins distribute all of the above at organizational scale.
And right now, most enterprises don't even know how many doors they've installed, where they lead, and who is walking through them.
That's why in the next part of this series, we'll start digging into how you need to think about securing each of these components across the enterprise. Because the attack surface isn't just Claude. It's Claude plus everything Claude can touch.
If you have questions about securing AI, let’s chat.


