Who Owns Claude Code at Your Company? A Platform Team's Guide for 2026
An opinionated guide to the five ownership models for Claude Code in 2026, why platform-led with security override is the right default, and the 8-axis control plane the platform team has to build.
A platform team lead at a 600-engineer fintech told me last month that nobody at her company had answered a basic question. Anthropic invoices arriving with five-figure totals. Developers committing code substantially written by Claude Code. Security asking about source-code egress. Finance asking about chargeback. Legal asking whether the IP terms in the Anthropic MSA pass through to customer contracts. Nobody formally assigned to answer any of it.
That’s the 2026 version of the shadow-IT question that ate cloud spending in 2014 and SaaS sprawl in 2019. The question this time is sharper: who owns Claude Code at your company? Not the budget. Not the licensing. The control plane, the audit trail, the guardrails, the chargeback, the kill switch.
This post is for platform team leads. Platform-led with a security override is the default that holds up best across the five org patterns we see. The other four have predictable failure modes that get expensive at production scale.
The question and why it matters now
Claude Code crossed a threshold in late 2025 that changed who needs to care. The average engineering team running it daily was producing token bills in the $800 to $2,400 per developer per month range, with the top decile on Opus 4.7 driving bills past $5,000 per developer per month in heavy weeks. Aggregate that across 200 engineers and finance is going to read the line item.
Three things happen at that scale, simultaneously.
First, Claude Code becomes a procurement line item. Once it passes about $250K of annual run-rate, most companies require a security review, a contractual SLA, and a budget-owner sign-off. The platform team usually gets asked to provide those, often without anyone telling them.
Second, source-code egress becomes load-bearing. Claude Code by default ships file contents to api.anthropic.com. That’s fine for many companies and unacceptable for some. The “is fine” calculus depends on which repository, which directory, which file. Nobody owns that calculus by default.
Third, developer velocity starts depending on Claude Code being available. Once 35-55% of engineering uses it daily, an Anthropic outage of 90 minutes is a measurable hit to commit throughput. The platform team gets paged for a tool they didn’t procure.
The question isn’t theoretical. It decides who gets paged at 2am when Anthropic returns 529s, who signs the BAA when a healthcare customer asks, who approves a budget exception for a launch, and who gets to say “no, we aren’t running Claude Code against this repository.”
The five common ownership models
In the 50-plus conversations we have had with platform leads since January, the same five patterns keep appearing. Each has a name now because each has a distinct failure mode.
1. Shadow-IT
Nobody owns it. Developers expense Claude Pro on corporate cards or sign up with personal emails. The CLI runs unmanaged on laptops. Procurement notices line items in Q3 finance review. Security finds out when someone leaks a Slack message into a session and triggers DLP.
This is where the majority of mid-sized companies were in 2025. Roughly 70% of platform leads we spoke to said their company had been here within the past six months. About 30% admitted they were still here.
2. Dev-led
Engineering owns Claude Code. A staff engineer in the DevX guild becomes the de facto buyer. Each team picks how to use it, what model to default to, which repos to allow. There’s a Slack channel called #claude-code-tips and a Notion page nobody reads.
This is fast. It’s also where the compliance signal gets lost. The DevX guild is excellent at picking the right model for a workload; they aren’t equipped to negotiate a data-processing addendum, run an SSO audit, or stand up forensic logging legal can subpoena.
3. Platform-led
Platform owns the control plane. They run the gateway, the chargeback rollup, the SSO integration, and the guardrails. Developers consume Claude Code through a managed surface. New repos get added through a self-serve flow.
This is where the most mature companies have landed. About 22% of platform leads we spoke to said they were here in 2026. The strength is that velocity and compliance converge. The weakness is that the platform team’s plate is already full.
4. Security-led
Security or IT owns Claude Code. They approve every integration, every new repo, and hold the keys to the gateway. Developers route through whatever surface security has approved.
This is the safest. It’s also the slowest. We have watched security-led rollouts take six to eight months from pilot to GA, by which time developers have lost interest and gone back to shadow IT. Security-led works when the regulatory regime forces it; it tends to fail elsewhere because the velocity penalty is too steep.
5. Hybrid
A steering committee owns it. Platform builds the control plane. Security approves the policy. Engineering owns the rollout. Procurement signs the contract. Monthly review, quarterly executive readout.
Hybrid sounds reasonable. In practice, hybrid is what shadow-IT turns into when an executive notices the line item and demands “alignment.” The committee meets. The committee disagrees. The committee escalates. Six weeks later, nothing has shipped, and developers are back to personal Pro accounts.
The failure modes
Each of the five has a predictable way it falls over at scale.
Shadow-IT fails on compliance. A developer commits Claude-generated code containing a customer’s internal naming convention. The customer asks how the string ended up there. The company can’t reconstruct the audit trail. Remediation is a contractual concession plus three months of retroactive policy work.
Dev-led fails on procurement. The line item crosses the threshold where finance wants a single bill, a single MSA, and a chargeback split by team. The owner is a staff engineer, not a procurement officer. Six months in, finance imposes top-down rationalization that breaks the workflows the staff engineer built.
Platform-led fails on bandwidth. The platform team already runs CI, the artifact registry, observability, the deploy pipeline, the secrets system, and now Claude Code. The new responsibility lands without new headcount. The control plane gets built but eval and continuous improvement are underinvested. The cost curve flattens but doesn’t decrease.
Security-led fails on velocity. Adoption stalls because the approval queue is six weeks deep. Developers route around it. “% of engineers using Claude Code daily” plateaus at 12-18% in security-led orgs, versus 35-55% in platform-led orgs. Shadow-IT comes back inside the same company.
Hybrid fails on decision velocity. Nobody can say no fast enough, and nobody can say yes fast enough. The committee turns into a status meeting. The chair is a director with fourteen surfaces to cover; Claude Code falls off the agenda when something else burns. Hybrid is the model most likely to produce a nine-month rollout that gets shelved.
The 2026 default: platform-led with security override
Platform-led wins in three out of four common verticals. The velocity penalty is small, the compliance story is recoverable, the chargeback is built-in, and platform is the natural home because they already operate every other internal surface that resembles this one.
The “with security override” qualifier matters. Security doesn’t own the rollout, but holds three vetoes platform can’t override:
- Data classification veto. Security defines which repositories aren’t allowed to send context to api.anthropic.com. The platform team enforces at the gateway.
- Vendor risk veto. Security signs off on the Anthropic contract and any model swap. Adding a non-Claude provider requires a new vendor review.
- Incident veto. Security can pull the kill switch at the gateway if there’s an active breach or DLP event. The platform team operates the switch; security decides when to throw it.
This is the same pattern that worked for cloud spend: platform operates the control plane, security holds narrow vetoes, finance reads the chargeback, engineering consumes the surface. The pattern took ten years to settle on the cloud side. We don’t have ten years on the AI side. Skip to the answer.
For regulated industries (defense, healthcare with PHI, regulated finance with PII), invert the polarity: security-led with a platform override. The platform team operates the control plane in both cases. Ownership flips when the regulatory cost of a misstep exceeds the velocity cost of the approval queue.
The control plane the platform team needs
If platform-led is the default, what does the platform team actually build? Eight axes. The previous post in this series treated gateway selection as the entire question; that’s incomplete. The gateway is one of eight surfaces.
1. Identity and SSO
Every Claude Code session has to map to an authenticated human via SSO. No personal Claude accounts, no shared keys, no service accounts that obscure the human. Platform operates the SSO bridge between the corporate IdP and the gateway’s virtual-key system.
2. Per-developer chargeback
Every token has to be attributable to a developer, a team, a repository. The chargeback table is what finance reads. Platform owns the rollup pipeline from gateway logs to the finance system.
3. Repository allow-list
A policy that says which repositories Claude Code can read from. Default is “deny,” repos get added through a self-serve flow data-classification owners approve. Platform operates the allow-list; security defines what gets in.
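What the gateway's admission check looks like when the SSO requirement (axis 1), the default-deny allow-list (axis 3) and security's classification and incident vetoes are enforced in one place. This is an added example, not Future AGI's or Anthropic's code; the data classes, the `approved_by` field and the "restricted" classification name are assumptions.

```python
"""Gateway admission: SSO identity, default-deny repo allow-list, kill switch.

Added example, not any vendor's code. Platform operates the list and the
switch; security decides what may be on the list and when the switch is thrown.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class AllowListEntry:
    repo: str
    approved_by: str     # data-classification owner who approved the self-serve add
    classification: str  # assumption: e.g. "internal"; "restricted" never egresses


@dataclass
class GatewayPolicy:
    allow_list: dict[str, AllowListEntry] = field(default_factory=dict)
    kill_switch: bool = False  # security's incident veto; platform flips the bit
    blocked_classifications: frozenset[str] = frozenset({"restricted"})


@dataclass
class Request:
    sso_subject: str | None  # human identity asserted by the corporate IdP
    api_key_kind: str        # "virtual" (per-developer) vs "personal"/"shared"
    repo: str


def admit(req: Request, policy: GatewayPolicy) -> tuple[bool, str]:
    """Return (allowed, reason). Nothing is forwarded without a positive match."""
    if policy.kill_switch:
        return False, "kill_switch: security incident veto active"
    if not req.sso_subject or req.api_key_kind != "virtual":
        return False, "identity: session must map to an SSO human via a virtual key"
    entry = policy.allow_list.get(req.repo)
    if entry is None:
        return False, f"allow_list: {req.repo} not approved (default deny)"
    if entry.classification in policy.blocked_classifications:
        return False, f"classification: {entry.classification} may not leave the network"
    return True, f"ok: {req.repo} approved by {entry.approved_by}"


def add_repo(policy: GatewayPolicy, repo: str, approved_by: str, classification: str) -> None:
    """Self-serve add; security's classification veto also applies at add time."""
    if classification in policy.blocked_classifications:
        raise ValueError(f"{repo}: {classification} repositories cannot be added")
    policy.allow_list[repo] = AllowListEntry(repo, approved_by, classification)
```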
4. Live guardrails
Every prompt that crosses the gateway gets screened for secrets, PII, internal-classification markers, and prompt-injection patterns. The screening has to be cheap enough to run on every request. Future AGI’s Protect runs at 65 ms median time-to-label for text per the public latency benchmark (arXiv 2510.13351), which is the right order of magnitude for inline use. Anything over 200 ms per request will get bypassed within a week.
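The shape of an inline screen, as an added example rather than Future AGI's Protect or any other vendor's code: label the prompt, fail closed when labelling overruns the latency budget, and map labels to a gateway action. The regexes are constructed stand-ins for a maintained rule set or classifier.

```python
"""Inline prompt screen: secrets, PII, classification markers, injection patterns.

Added example, not a vendor's product. The rules are constructed; the budget is
the post's 200 ms bypass threshold. A screen that overruns its budget fails
closed, because a slow screen is the one developers learn to route around.
"""
import re
import time

RULES = {  # constructed patterns; real deployments use a maintained rule set
    "secret": re.compile(r"AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "pii": re.compile(r"\b\d{3}-\d{2}-\d{4}\b|[\w.+-]+@[\w-]+\.[\w.]+"),
    "classification": re.compile(r"\b(CONFIDENTIAL|INTERNAL ONLY|RESTRICTED)\b"),
    "injection": re.compile(r"ignore (all )?previous instructions", re.I),
}
LATENCY_BUDGET_MS = 200.0


def screen(prompt: str) -> dict:
    """Label a prompt and record how long labelling took."""
    t0 = time.perf_counter()
    labels = sorted(name for name, rx in RULES.items() if rx.search(prompt))
    ms = (time.perf_counter() - t0) * 1000.0
    return {"labels": labels, "ms": ms, "within_budget": ms <= LATENCY_BUDGET_MS}


def redact(prompt: str) -> str:
    """Mask secret- and PII-shaped spans before the prompt leaves the network."""
    for name in ("secret", "pii"):
        prompt = RULES[name].sub(f"[{name.upper()}_REDACTED]", prompt)
    return prompt


def decide(result: dict) -> tuple[str, str]:
    """Map a screen result to a gateway action; over-budget screens fail closed."""
    if not result["within_budget"]:
        return "block", "screen exceeded latency budget; failing closed"
    labels = result["labels"]
    if "secret" in labels or "classification" in labels:
        return "block", "content must not leave the network"
    if "pii" in labels:
        return "forward_redacted", "PII masked before egress"
    if "injection" in labels:
        return "forward_flagged", "prompt-injection pattern logged for review"
    return "forward", "clean"
```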
5. Eval and quality signal
The platform team owns the eval surface that scores Claude Code output for task-completion, faithfulness, and code-correctness. This is the input that turns the gateway from observation into a feedback loop. Without an eval signal, you can’t tell whether a new routing policy made things better or worse.
6. Routing and optimization
Which model handles which turn. Easy turns to claude-haiku-4-5, hard turns to claude-opus-4-7, the rest to claude-sonnet-4-6. Platform operates the policy; the policy gets better over time when wired to the eval signal.
7. Audit and forensics
Every prompt, every response, every tool call, retained for the period legal requires. Search has to be fast enough that a security incident in progress can be investigated in minutes, not hours. This is the surface a subpoena will hit.
8. Self-host posture
Whether the gateway runs in your VPC or a hosted region. Some workloads require self-host; most don’t. Platform has to flip between hosted and self-host without breaking developer workflow. This is what BYOC deployments are for.
Future AGI’s Agent Command Center is built around exactly these eight axes: the trace surface is OpenTelemetry-native (traceAI, Apache 2.0), the eval (ai-evaluation, Apache 2.0) and optimizer (agent-opt, Apache 2.0) live alongside the gateway, Protect sits inline at 65 ms text median time-to-label, and trace data feeds back into routing rules and prompt rewrites so the gateway gets better at its job. Other gateways give you the dashboard; Agent Command Center wires the dashboard to the optimizer. The argument here is for the shape, not the brand. Assemble the same shape from five vendors and a glue layer, and you have built the same control plane.
The org design: who reports to whom, who approves what
The cleanest pattern for platform-led with security override looks like this.
Owner: A platform-team lead at the Director or Senior Manager level. Their charter explicitly includes Claude Code as a primary surface, not a side project.
Reports to: VP Platform or VP Engineering. The reporting line determines whose budget pays for the gateway, the optimizer, and the on-call rotation. If Claude Code lives under a generic “tooling” cost center, it gets cut in the next quarterly review.
Approves: Repository allow-list additions, gateway routing policy, optimizer prompt rewrites, on-call rotation membership.
Doesn’t approve: Vendor selection (security veto), data classification (security defines, platform enforces), contractual terms (procurement signs), individual developer access (SSO is automatic; per-developer approval is the failure mode of security-led).
Partners: Security holds the three vetoes and sits on the monthly review. Procurement signs the MSAs. Finance owns cost-center mapping. Legal owns IP-clause analysis. Engineering managers own per-team budgets.
The committee structure hybrid obsesses over is unnecessary when ownership is clear. A monthly 30-minute review with platform, engineering, and security is enough. Anything faster than monthly belongs in the on-call rotation, which is a platform-team responsibility.
The 90-day rollout plan
If you’re inheriting Claude Code ownership in the next quarter, here is the order of operations that has shipped fastest across the rollouts we have watched.
Days 1-15: stop the bleeding. Block personal Claude accounts at the IdP. Stand up the gateway with the simplest policy: SSO-only access, per-developer virtual keys, basic audit logging. Announce that Claude Code traffic must route through the gateway. Two-week deadline. Cut over enough teams to validate the workflow doesn’t break.
Days 16-45: build chargeback. Wire gateway logs into the finance system. Per-developer, per-team, per-repository. Publish the first month’s chargeback to engineering managers. Expect surprise; the top decile will be at 10x the median. Soft alerts at 80% of cap, hard pauses at 110%. The hard pause is unpopular; the soft alert is what people pay attention to.
Days 46-75: guardrails and eval. Inline secrets and PII screening at the gateway. Aim for under 100ms added latency or developers will bypass it. Add the eval surface. Score every session for code-correctness and tool-use accuracy. Ship prompt rewrites and routing changes based on what the eval signal shows. The first round usually finds 15-30% cost reduction without changing developer behavior because Opus is being called when Sonnet would have sufficed.
Days 76-90: close the loop. Wire the optimizer to the eval signal. New routing policies and prompts become versioned changes with automatic rollback. Hand the chargeback dashboard to engineering managers as a self-serve view. Run the first quarterly review with security, procurement, finance, and legal. Demonstrate the audit trail.
One full-time engineer plus 25% of a manager’s time can land all four phases inside the quarter. The constraint is decision velocity, not engineering throughput.
The metrics the platform team owns
The platform team has to publish numbers, and the numbers have to be the same ones finance, security, and engineering all read.
Adoption. Percent of engineers using Claude Code at least three days per week. Target: above 35% within 90 days of GA, above 55% within 180 days. Below 35% means the rollout is failing on velocity.
Cost per developer per month. Median, P90, and the top decile. Target: median below $1,200, P90 below $3,000, top decile flagged for routing review. The top-decile number bends; the median is mostly bounded by team behavior.
Cost trend. Month-over-month change in spend, normalized by adoption. A platform-led rollout with the optimizer in place should bend the cost curve downward by month four. Flat is acceptable for the first three months; rising into month six means the loop isn’t closing.
Guardrail coverage. Percent of requests screened by inline guardrails. Target: 100%. Below means there’s a bypass path.
Bypass rate. Percent of Claude API calls from corporate networks that didn’t route through the gateway. Target: under 2% within 30 days of cutover. Above 5% means there’s a shadow path the SSO block didn’t catch.
Mean time to investigate. From the moment security flags a prompt to the moment platform can produce the full session transcript. Target: under 15 minutes. Above an hour means the audit surface isn’t searchable enough.
Eval score on production sessions. Mean and P10 of the code-correctness eval, weekly. Stable or improving. A drop signals a model swap, a routing regression, or a prompt-injection campaign.
These seven are the executive readout.
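The readout metrics computed over gateway logs, together with the 80% soft-alert / 110% hard-pause cap rule from the rollout plan. This is an added example, not Future AGI's rollup pipeline; the records are constructed and the field order (developer, day, cost_usd, via_gateway, screened) is an assumption.

```python
"""Executive-readout metrics from gateway logs, plus the 80% / 110% cap rule.

Added example, not a vendor's pipeline. Records are constructed for one
reporting week; via_gateway=False is a Claude API call seen on the corporate
network that did not pass through the gateway (the post's bypass metric).
"""
import math
from collections import defaultdict
from statistics import median

ENGINEERS = 8  # headcount the adoption percentage is measured against
LOGS = [  # constructed: (developer, day, cost_usd, via_gateway, screened)
    ("alice", 1, 300.0, True, True), ("alice", 2, 250.0, True, True),
    ("alice", 3, 400.0, True, True), ("alice", 4, 350.0, True, True),
    ("bob", 1, 100.0, True, True), ("bob", 3, 150.0, True, True), ("bob", 5, 120.0, False, False),
    ("carol", 2, 90.0, True, False),
    ("dave", 1, 800.0, True, True), ("dave", 2, 900.0, True, True), ("dave", 3, 1200.0, True, True),
    ("dave", 4, 1100.0, True, True), ("dave", 5, 1000.0, True, True),
    ("erin", 2, 60.0, True, True), ("erin", 4, 70.0, False, False),
]


def adoption(logs, engineers=ENGINEERS, min_days=3):
    """Share of engineers active on at least min_days distinct days (target >35%)."""
    days = defaultdict(set)
    for dev, day, _cost, _via, _scr in logs:
        days[dev].add(day)
    return sum(1 for d in days.values() if len(d) >= min_days) / engineers


def cost_per_developer(logs):
    """Median, P90 (nearest rank) and the top-decile developers flagged for routing review."""
    spend = defaultdict(float)
    for dev, _day, cost, _via, _scr in logs:
        spend[dev] += cost
    values = sorted(spend.values())
    n = len(values)
    top = sorted(spend, key=spend.get, reverse=True)[: math.ceil(0.1 * n)]
    return {"median": median(values), "p90": values[math.ceil(0.9 * n) - 1],
            "top_decile": top, "spend": dict(spend)}


def bypass_rate(logs):
    """Fraction of Claude API calls that did not route through the gateway (target <2%)."""
    return sum(1 for r in logs if not r[3]) / len(logs)


def guardrail_coverage(logs):
    """Share of gateway requests screened inline (target 100%; less means a bypass path)."""
    gateway = [r for r in logs if r[3]]
    return sum(1 for r in gateway if r[4]) / len(gateway)


def cap_status(spend, cap):
    """Rollout-plan rule: soft alert at 80% of cap, hard pause at 110%."""
    ratio = spend / cap
    return "hard_pause" if ratio >= 1.10 else "soft_alert" if ratio >= 0.80 else "ok"
```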
Sources
- Anthropic Claude Code documentation, claude.ai/docs/claude-code
- Future AGI Agent Command Center, futureagi.com/platform/monitor/command-center
- Future AGI Protect latency benchmarks, arxiv.org/abs/2510.13351 (65 ms text / 107 ms image median time-to-label)
- Future AGI traceAI, github.com/future-agi/traceAI (Apache 2.0)
- Future AGI ai-evaluation, github.com/future-agi/ai-evaluation (Apache 2.0)
- Future AGI agent-opt, github.com/future-agi/agent-opt (Apache 2.0)
- Anthropic enterprise procurement documentation, anthropic.com/enterprise
- Portkey originated the “who owns Claude Code at your company” framing in late 2025; this post extends it to the platform-team perspective.