Defense in Depth for Claude Code in the Enterprise: A Security Architecture for AI-Assisted Development at Scale

A comprehensive defense-in-depth security architecture for deploying Claude Code in enterprise environments. This paper defines six threat categories specific to AI-assisted development, maps an eight-layer defense framework with verified configuration examples, traces the complete 10-stage prompt lifecycle through AWS Bedrock identifying controls and risks at every stage, documents the 16-level configuration priority system governing how security policies are loaded and enforced, and examines real-world enterprise deployment patterns from organizations including Spotify, the New York Stock Exchange, Honeycomb, and Novo Nordisk. All configuration examples and behavioral claims are verified against Claude Code v2.1.91 and the official documentation. Includes a companion SVG diagram of the prompt lifecycle flow and configuration priority stack.