Hubspot Claude Implementation Case Study

"PromptArmor was essential in allowing our security team to quickly turn around an assessment of Claude during vendor due diligence, and also to help with efficient secure rollout afterwards, to accelerate adoption."

The Challenge

When HubSpot began evaluating Anthropic's Claude for deployment — spanning Chat, Code, and Cowork — the Vendor Risk & Security team needed to conduct a thorough assessment of a platform that didn't fit neatly into traditional vendor risk frameworks. Each deployment surface carried its own distinct threat profile, and the security team needed to understand the novel risks introduced by LLM-powered tooling before confidently approving adoption.

Chat introduced risks around indirect prompt injection, data leakage through conversational interfaces, and the potential for sensitive internal data to surface in model interactions. Code and Cowork raised concerns around access to filesystems, ability to execute code, and take actions on behalf of the user — with agentic capabilities, skills, and the ability to operate across connected systems.

How PromptArmor Helped

PromptArmor helped HubSpot systematically decompose each of these threat models, moving far beyond generic AI risk checklists to deliver analysis grounded in real-world attack chains and vulnerability research specific to LLM-powered tooling. They provided clarity on precisely which controls to prioritize for each surface:

—

What needed to be locked down before launch

—

What could be configured at the organizational tier level

—

Where residual risk was acceptable given HubSpot's existing security architecture

Their depth of expertise in prompt injection vectors, skill and connector risks, and agentic AI threat surfaces meant the security team was operating from a position of informed confidence.

What could have been a months-long evaluation bottleneck instead became a deployment accelerator. PromptArmor gave the security team the technical clarity to greenlight rollout on a timeline that matched the organization's ambition, while ensuring the right guardrails, monitoring, and organizational controls were in place from day one.

HubSpot went from initial evaluation to secure, organization-wide deployment faster than expected — without compromising on the thoroughness their risk program demands.

Chuck from HubSpot presenting with PromptArmor on Claude Cowork Secure Deployment — Third Party Risk Association Conference

Beyond Claude

The HubSpot Vendor Risk & Security team uses PromptArmor to evaluate and assess the risk of both AI-enabled vendors integrating LLMs into their products and internal tooling that drives productivity. Their threat intelligence — targeted towards novel risks from Generative AI and LLMs — has been instrumental in streamlining third-party assessments.

Whether Generative AI is a key function of a vendor's product or HubSpot is leveraging a vendor's LLMs internally, PromptArmor surfaces relevant and timely intelligence specific to novel LLM and Generative AI risks.

The team has also been able to develop deeper internal expertise around new AI and LLM-specific threats — acting as internal experts to the broader business when it comes to these novel risks.

"Prompt Armor will be invaluable and a game changer as we continue to see new Generative AI capabilities across our vendor environment."

Chuck Walkup

HubSpot Vendor Risk & Security

Solutions

Industries