Post by Zach Miller CISSP, CISM, CRISC, FITSP-M

Cybersecurity Strategy & GRC Executive | Enterprise Risk · AI Governance

A CISO friend asked me last month: "Why is our Anthropic bill 3x what we approved, and why can't I figure out which team did it?"

I asked whether they were running Claude through Bedrock or hitting the direct API.

Long pause. "Both. Maybe?"

That's the problem in one sentence.

Just published a deep-dive on the three failures every "we use Claude" enterprise is making right now — and how AWS Bedrock fixes most of them at once:

🔴 Billing chaos → IAM Principal-Based Cost Allocation (April 2026)
🔴 Audit invisibility → CloudTrail + Model Invocation Logging
🔴 Shadow Claude → Bedrock Guardrails + the Compliance API

Plus a 7-step Monday-morning architecture any CISO can put in motion this week — no new headcount required.

If you're still running Claude through the direct API in mid-2026 because "the developers prefer it" — you have a conversation coming. The only question is whether it's on your timeline or your auditor's.

Link in the first comment ⤵️

#ClaudeAI #AWSBedrock #AISecurity #CloudSecurity #CISO #ShadowAI #GRC #Compliance #FinOps #Cybersecurity
