Moving to a 'Safe to Use' State: Launch of Security Setting Support for Claude Code
Comix Co., Ltd. has released a complete guide and launched a security setting support plan to help enterprises securely operate the generative AI agent, Claude Code.
📋 Article Processing Timeline
- 📰 Published: April 14, 2026 at 19:00
- 🔍 Collected: April 14, 2026 at 10:31
- 🤖 AI Analyzed: April 19, 2026 at 18:35 (128h 3m after Collected)
While the use of generative AI in business is expanding, concerns about the handling of internal corporate information and the execution of dangerous commands have become barriers to wider adoption.
Particularly in development and business improvement operations, there is a demand to transition from a 'usable' stage to a 'safely and continuously operable' stage.
Comix Co., Ltd. (Headquarters: Maruyama-cho, Shibuya-ku, Tokyo; CEO: Akihiro Suzuki) has released a document outlining the concepts and setup procedures necessary for the safe operation of Claude Code, and has simultaneously launched a 'Security Setting Support Plan' for enterprises.
## Background and Challenges
According to the Ministry of Internal Affairs and Communications' '2025 Information and Communications White Paper,' the percentage of Japanese companies that have established policies for the use of generative AI has risen to 49.7%, and companies using generative AI for some kind of work have reached 55.2%. In particular, 47.3% use it for supplementary tasks such as emails, meeting minutes, and document creation, indicating that generative AI is beginning to permeate not only as a tool for a few advanced companies but as a practical tool for daily operations.
On the other hand, the white paper lists 'security risks such as leakage of internal information' as a top concern when introducing it. Even in the '2024 Information and Communications White Paper,' about 70% of companies expressed concern about the expansion of risks such as information leakage, revealing a reality where expectations for effectiveness and operational anxiety exist simultaneously.
Furthermore, a survey by OpenText and the Ponemon Institute found that while 52% of companies have fully or partially adopted generative AI, 79% have not reached the 'AI maturity' stage where AI implementation and risk assessment are sufficiently conducted. In other words, even as implementation progresses, safe operations such as authority management and setting standardization tend to be postponed.
With practical generative AI tools like Claude Code, incorrect settings can cause work to stop due to unnecessary confirmations, while conversely, loosening permissions too much increases the risk of information leakage and destructive operations. What is needed in the early stages of implementation is an operational design that concretizes 'how much to allow, what to prohibit, and how to standardize.'
## Provided Content
1) Release of the 'Claude Code Permission Setting Complete Guide'
Comix Co., Ltd. is releasing the 'Claude Code Permission Setting Complete Guide,' a document that organizes the concepts and setting methods for operating Claude Code safely and productively. The document download URL will be replaced once finalized.
The document organizes reasons why Permission settings are important, management concepts using a 3-layer scope of Managed/Project/User, a 3-layer defense model combining Sandbox, Permissions, and Hooks, the evaluation order of deny/ask/allow, setting examples for personal and team development, and troubleshooting.
2) Launch of 'Security Setting Support Plan' for Enterprises
In conjunction with the release of the document, we are launching a 'Security Setting Support Plan' to safely operate Claude Code in teams and business divisions. In this support, we will help create a state where continuous operation is possible by sorting out rules that the IT department must enforce, settings that should be shared in projects, and the scope left to individuals, while organizing the initial design of deny/ask/allow, deterrence policies for dangerous operations and confidential information access, and exception handling and sharing methods.
## Features and Strengths
- Support focused on the wall 'after introduction.' We respond to issues of authority management, information leakage, and setting variations that become apparent after you start using it.
- A design that balances safety and productivity. We avoid both stopping for confirmation every time and relying on unlimited execution, and incorporate settings that work in the field.
- Standardization support that does not end with individual settings. Instead of depending on the person in charge, it is based on a reproducible format including team sharing, regulation, and review.
## Expected Users and Use Cases
Expected users are management and business managers who want to advance the use of generative AI but have concerns about information leakage and authority control; information systems departments and development managers who want to break away from individual-dependent use and establish team-standard setting rules; and administrators and project managers who want to deploy safe usage rules to the field without reducing productivity.
As for use cases, the initial implementation phase where you want to sort out operations that should be prohibited, operations that require confirmation, and operations that can be automatically allowed; team deployment where you want to distribute common settings per project to prevent accidents and personalization due to individual differences; and when you want to handle exception responses and internal enlightenment instead of just setting it up and ending it.
Particularly in development and business improvement operations, there is a demand to transition from a 'usable' stage to a 'safely and continuously operable' stage.
Comix Co., Ltd. (Headquarters: Maruyama-cho, Shibuya-ku, Tokyo; CEO: Akihiro Suzuki) has released a document outlining the concepts and setup procedures necessary for the safe operation of Claude Code, and has simultaneously launched a 'Security Setting Support Plan' for enterprises.
## Background and Challenges
According to the Ministry of Internal Affairs and Communications' '2025 Information and Communications White Paper,' the percentage of Japanese companies that have established policies for the use of generative AI has risen to 49.7%, and companies using generative AI for some kind of work have reached 55.2%. In particular, 47.3% use it for supplementary tasks such as emails, meeting minutes, and document creation, indicating that generative AI is beginning to permeate not only as a tool for a few advanced companies but as a practical tool for daily operations.
On the other hand, the white paper lists 'security risks such as leakage of internal information' as a top concern when introducing it. Even in the '2024 Information and Communications White Paper,' about 70% of companies expressed concern about the expansion of risks such as information leakage, revealing a reality where expectations for effectiveness and operational anxiety exist simultaneously.
Furthermore, a survey by OpenText and the Ponemon Institute found that while 52% of companies have fully or partially adopted generative AI, 79% have not reached the 'AI maturity' stage where AI implementation and risk assessment are sufficiently conducted. In other words, even as implementation progresses, safe operations such as authority management and setting standardization tend to be postponed.
With practical generative AI tools like Claude Code, incorrect settings can cause work to stop due to unnecessary confirmations, while conversely, loosening permissions too much increases the risk of information leakage and destructive operations. What is needed in the early stages of implementation is an operational design that concretizes 'how much to allow, what to prohibit, and how to standardize.'
## Provided Content
1) Release of the 'Claude Code Permission Setting Complete Guide'
Comix Co., Ltd. is releasing the 'Claude Code Permission Setting Complete Guide,' a document that organizes the concepts and setting methods for operating Claude Code safely and productively. The document download URL will be replaced once finalized.
The document organizes reasons why Permission settings are important, management concepts using a 3-layer scope of Managed/Project/User, a 3-layer defense model combining Sandbox, Permissions, and Hooks, the evaluation order of deny/ask/allow, setting examples for personal and team development, and troubleshooting.
2) Launch of 'Security Setting Support Plan' for Enterprises
In conjunction with the release of the document, we are launching a 'Security Setting Support Plan' to safely operate Claude Code in teams and business divisions. In this support, we will help create a state where continuous operation is possible by sorting out rules that the IT department must enforce, settings that should be shared in projects, and the scope left to individuals, while organizing the initial design of deny/ask/allow, deterrence policies for dangerous operations and confidential information access, and exception handling and sharing methods.
## Features and Strengths
- Support focused on the wall 'after introduction.' We respond to issues of authority management, information leakage, and setting variations that become apparent after you start using it.
- A design that balances safety and productivity. We avoid both stopping for confirmation every time and relying on unlimited execution, and incorporate settings that work in the field.
- Standardization support that does not end with individual settings. Instead of depending on the person in charge, it is based on a reproducible format including team sharing, regulation, and review.
## Expected Users and Use Cases
Expected users are management and business managers who want to advance the use of generative AI but have concerns about information leakage and authority control; information systems departments and development managers who want to break away from individual-dependent use and establish team-standard setting rules; and administrators and project managers who want to deploy safe usage rules to the field without reducing productivity.
As for use cases, the initial implementation phase where you want to sort out operations that should be prohibited, operations that require confirmation, and operations that can be automatically allowed; team deployment where you want to distribute common settings per project to prevent accidents and personalization due to individual differences; and when you want to handle exception responses and internal enlightenment instead of just setting it up and ending it.