This reminds me of an org I used to work at where they had CrowdStrike installed on every work laptop.

I once used curl to download a shell script from GitHub and it caused a defcon 1 event where security reached out to me asking why I downloaded it.