Challenge
Doubling down on Claude without a way to govern what was being built on top of it
Thryv is an all-in-one management and marketing platform for small and medium-sized businesses, automating daily operations, CRM, and online presence. As an AI-first company, Thryv made a deliberate bet to push Claude as deep into the enterprise as possible, standardizing on Claude and Claude Cowork as the AI ecosystem for engineering, customer-facing teams, and back-office functions, alongside Microsoft Copilot and Azure OpenAI.
That bet paid off in adoption. Teams quickly started building managed agents on top of Claude, spinning up MCP servers, and connecting them to enterprise data sources to automate real work. But existing security tooling gave Thryv's security team no visibility or governance over any of it.
They needed answers to three urgent questions:
- Which agents have our teams built on Claude, and what enterprise data are they connected to?
- What sensitive information is flowing into Claude prompts and through MCP servers?
- Where is pre-AI oversharing now exposing data to the agents we're building?
"There was a whole lot of 'this looks cool, let's do it, let's try it out' without as much emphasis on 'how do we secure this,' how do we make sure that we're taking care of our customers’ information and safely deploying things." - Thomas Koo, Information Security, Thryv
Core Claude + AI Agent Concerns
- Managed agents built on Claude with no governance layer. Teams were creating agents across the business and connecting them to enterprise data without any centralized inventory or risk review.
- MCP servers connecting Claude to sensitive systems. New MCP servers were standing up faster than security could track them, with no visibility into what they were connected to or who could use them.
- Sensitive data exposure inside Claude prompts. With Claude becoming the most-used AI platform across engineering and product teams, Thryv had no way to see what kind of information employees were actually submitting.
- Pre-AI oversharing, post-AI consequences. Years of permissive collaboration habits meant content that was "safely buried" in SharePoint and similar systems suddenly became discoverable through Claude and the agents built on it.
- Customer data protection. As an SMB platform serving thousands of customers, Thryv carries a real obligation to keep customer information from leaking into AI surfaces or third-party tools.
Solution
Putting governance around Claude, Claude-powered agents, and the MCP servers connecting them
Thryv partnered with Opsin to put governance in place across its Claude ecosystem: the prompts flowing into Claude, the managed agents teams were building, and the MCP servers connecting it all to enterprise data. The deployment was designed to be lightweight on the security team with fast time to value.
➡️ Rapid deployment in under 20 minutes | Connecting Opsin to Thryv's environment took an API key exchange and a portal connection. Working with Opsin's team, Thryv was sending live data into the platform within 15 to 20 minutes without any agent rollouts, infrastructure changes, or long integration projects.
➡️ Discovery of every agent and MCP server running on Claude | Opsin gave Thryv a live map of the managed agents and MCP servers their teams had built on Claude: what data sources each was connected to, who could use them, and how they were configured. Instead of relying on developer self-reporting, the security team could finally see what was actually running across the business.
➡️ Risk context on what those agents are connected to and why it matters | Discovery was the starting point, not the finish line. Opsin enriched every agent and MCP server with the context Thryv's security team needed to act: which connections touched sensitive data, which configurations introduced real risk, and which agents needed governance applied first.
➡️ Visibility into Claude prompts and sensitive data flow | From day one, the security team could see what employees were actually asking Claude including the type of information being submitted in prompts. That allowed Thryv to identify potentially sensitive prompt patterns and apply governance against them, rather than guess at risk from policy alone.
➡️ Oversharing remediation across the collaboration estate | During the POC, Opsin surfaced significant oversharing across Thryv's collaboration environment such as content built without strict access controls in a pre-AI era that Claude and its agents could now retrieve. Thryv's security team used Opsin to work directly with content owners to lock down sharing, secure sensitive material, and reduce the surface area available to AI.
➡️ Continuous governance as the Claude footprint scales | With visibility in place, Thryv shifted from one-off audits to ongoing oversight. Opsin continuously monitors prompt activity, new agents, and MCP server changes so the security team can spot risky behavior as it happens, not months later.
"Connecting Opsin into our environment was very easy. Just a portal connection, a couple of API keys, and we were done within 15 to 20 minutes. We had data flowing through Opsin and visibility into what our users were doing within Claude." — Anthony Vu, Senior Director, IT Backend Infrastructure, Thryv
Results
Visibility, context, and control across the Claude ecosystem
With Opsin in place, Thryv moved from an ad hoc AI approach to a governed one without slowing teams down.
✅ Time-to-value in under 20 minutes | Opsin connected, ingesting data, and surfacing visibility into Claude usage in 15 to 20 minutes from kickoff.
✅ Live inventory of every managed agent and MCP server running on Claude, replacing developer self-reporting with a security-owned source of truth for what exists, what it's connected to, and where the risk sits.
✅ Hundreds of oversharing risks identified during the POC, giving the security team a prioritized list of remediation work across collaboration data that Claude-powered agents could otherwise expose.
"Opsin has been a great tool for us in discovering undocumented AI instances and providing guidance on potential security considerations around those environments. This solution helps us provide governance in AI for where we need to be both now and in the future."
— Thomas Koo, Information Security, Thryv
Moving Forward
Scaling Claude and the agents built on it with confidence
With Claude, managed agents, and MCP servers under continuous oversight, Thryv is now positioned to scale agentic AI built on Claude with confidence. Opsin has helped extend governance to every new MCP server and enterprise agent, catching configuration drift, unauthorized data connections, and risky agents before they become incidents. As Thryv continues to roll out AI services to its small-business customers, the same governance framework will protect customer data flowing through those experiences, supporting Thryv's commitment to safely deploy AI without becoming the bottleneck on innovation.
"If anyone out there is working in AI, building any type of agents or MCP servers, or has concerns about visibility into what's running in their environment, definitely reach out. Opsin has a platform that can help you out with the discovery."
— Anthony Vu, Senior Director, IT Backend Infrastructure, Thryv
