Claude Compliance API: The 28 Security and Compliance Integrations Now Plugged Into Claude Enterprise (2026)
TL;DR
- On 21 May 2026 Anthropic launched the Claude Compliance API plus 28 integrations with security and compliance vendors — including CrowdStrike, Okta, Cloudflare, Microsoft Purview, Netskope, Datadog, Wiz (now Google Cloud), Palo Alto Networks, IBM Guardium, Zscaler, SailPoint, and Relativity — so enterprise IT and security teams can govern Claude with the same DLP, SIEM, identity, and eDiscovery tools they already use for other workplace applications.
- The API exposes two data surfaces from Claude Enterprise and Claude Platform: conversation content (chats, uploaded files, and projects) and activity events (user logins, admin actions, configuration changes). That is the architectural primitive enterprise security teams have been pressing for — programmable access to Claude's enterprise surface that lets existing security infrastructure see Claude the way it sees Slack, Microsoft 365, or Salesforce.
- The buyer takeaway is not "Claude is now compliant." It is that the boundary between Claude-the-model and the enterprise IT stack has been formalised. The implementation work — picking the right partners, wiring connectors, defining DLP policies, mapping SIEM detections, governing identity — moves to the front of every enterprise Claude rollout.
Last updated: 22 May 2026
On 21 May 2026 Anthropic announced the launch of the Claude Compliance API with a 28-strong partner ecosystem spanning DLP, SASE, data security, SIEM and security operations, identity, eDiscovery, AI security posture management, and AI observability and telemetry. The framing in the announcement is precise: enterprise IT and security teams can now apply "the same security, monitoring and DLP policies to Claude that they already use for other workplace applications" rather than treating Claude as a special-case surface that needs bespoke controls.
This is the move the largest enterprise buyers have been pressing for. Until now, every enterprise Claude rollout above a few hundred seats hit the same wall — Claude was a black box from the existing security stack's point of view. The IT team could not feed Claude conversations through their DLP engine, the security operations centre could not see Claude admin actions in their SIEM, and the legal team could not pull Claude content into an investigation the way they pull Slack or Microsoft 365. Anthropic's announcement removes the wall, and the partner list says the rest of the industry has been ready to ship against it.
What is the Claude Compliance API?
The Claude Compliance API is the enterprise interface that exposes two data surfaces from Claude Enterprise and Claude Platform to authorised security and compliance tools: conversation content — chats, uploaded files, and projects from Claude Enterprise — and activity events — user logins, admin actions, and configuration changes across both Claude Enterprise and Claude Platform.
Read it as two parallel feeds rather than one monolithic API. Conversation content is what users put into Claude and what Claude produces back — the data surface DLP, eDiscovery, and data security tools care about. Activity events are the audit trail — who logged in, what admins changed, which configuration toggled — the data surface SIEM, identity governance, and AI security posture tools care about. Anthropic publishes Compliance API documentation through the Anthropic Help Center for both Claude Enterprise and Claude Platform; security vendors join the ecosystem through an application form.
This split matters architecturally because it mirrors how the rest of the enterprise SaaS stack already exposes itself. Microsoft 365 separates content (Purview eDiscovery, sensitivity labels, DLP) from activity (Microsoft 365 audit log). Slack Enterprise Grid separates DLP and eDiscovery content APIs from the audit log. Salesforce separates Shield Event Monitoring from Shield Platform Encryption. Anthropic shipped the same primitive shape, which is why 28 partners could publish production integrations on day one — the API is in the language the security vendors already speak.
| Data surface | What it exposes | Which tools consume it |
|---|---|---|
| Conversation content | Chats, uploaded files, and projects from Claude Enterprise | DLP, data security, eDiscovery, archiving and supervision |
| Activity events | User logins, admin actions, configuration changes across Claude Enterprise + Claude Platform | SIEM and security operations, identity governance, AI security posture management, AI observability and telemetry |
What 28 security and compliance tools now integrate with Claude?
Anthropic named 28 partners on launch day across eight categories enterprise security teams already organise their stack around: DLP, SASE, data security, SIEM and security operations, identity, eDiscovery and supervision, AI security posture management (AI-SPM), and AI observability and telemetry. The mapping below groups each partner by primary category, with the caveat that several vendors span multiple categories (Zscaler is both SASE and DLP, Datadog is both SIEM and observability, Varonis is both DLP and data security).
| Category | Partners | What the integration does for Claude |
|---|---|---|
| DLP | Forcepoint, Microsoft Purview, Netskope, Proofpoint, Trellix, Varonis, Zscaler | Apply existing DLP policies, sensitivity labels, and exfiltration controls to chats, uploaded files, and projects in Claude Enterprise |
| SASE / network security | Cloudflare, Fortinet, Palo Alto Networks, Zscaler | Inspect and govern Claude traffic at the network edge alongside the rest of the workplace SaaS estate |
| Data security | Cyera, IBM Guardium, Rubrik, Varonis | Classify, monitor, and protect the underlying data Claude reads and writes; bring Claude content into existing DSPM and data-protection programmes |
| SIEM and security operations | CrowdStrike, Datadog, ReliaQuest, Sumo Logic | Stream Claude activity events into the SOC so admin actions, logins, and configuration changes show up in detections, dashboards, and incident response |
| Identity | Okta, SailPoint | Enforce SSO, lifecycle management, and identity governance for Claude users with the same controls applied to other workplace SaaS |
| eDiscovery and supervision | Mimecast, Relativity, Smarsh, Theta Lake | Bring Claude conversations into existing eDiscovery, archiving, supervision, and modern-communications compliance workflows |
| AI security posture management (AI-SPM) | Geordie AI, Snyk, Wiz (Google Cloud) | Treat Claude as a first-class AI surface inside the organisation's AI-SPM programme — discovery, posture scoring, risk policy enforcement |
| AI observability and telemetry | Cribl, Datadog, Sumo Logic | Route Claude telemetry through existing observability pipelines so Claude is visible alongside other SaaS and infrastructure |
| Vulnerability and exposure | Tenable | Bring Claude-related identities and configurations into the existing exposure-management programme |
Read this as the answer to "does Claude integrate with [vendor]?" for the 28 partners on the day-one list, and as a useful proxy for the rest of the market. Vendors not on the list at launch — a regional SIEM, a niche DLP appliance, a custom data security gateway — can build against the same Compliance API surface once they apply.
Why does this matter for enterprises evaluating Claude vs ChatGPT Enterprise or Microsoft Copilot?
It matters because programmable access to the conversation and activity surface is the missing piece that lets enterprise security teams treat an AI assistant the same way they treat Slack, Microsoft 365, or Salesforce — and Anthropic's announcement closes that gap with a clearly named API plus 28 production partners shipping integrations against it.
For most of 2024 and 2025 the enterprise pitch from frontier AI providers ran roughly the same way: use the enterprise SKU, accept the default controls, trust the SOC2 or ISO report. That worked for pilots and for single-department deployments. It did not scale into IT-and-security-led rollouts of tens of thousands of seats, because the security stack could not see the AI assistant. The honest read is that Microsoft Copilot benefited disproportionately during that window because it inherited the Microsoft 365 compliance and security graph by default — Purview, Defender, Entra, Sentinel, Audit. Customers who wanted that posture had a single dominant choice.
The Compliance API closes that gap on the Claude side. The buying comparison shifts from "which model is best?" to "which AI surface integrates cleanly into our existing security architecture?" — a question enterprise IT was always going to win the deciding vote on. The interesting near-term consequence is the decoupling of model choice from security posture. An enterprise can pick Claude on capability and still meet its DLP, SIEM, identity, and eDiscovery obligations through the partner ecosystem rather than through a single-vendor bundle.
Which Claude integrations does enterprise IT typically pick first?
Enterprise IT typically picks identity, SIEM, and DLP first when integrating a new AI surface, because those three categories cover the most common audit and incident-response questions and they unlock the rest of the rollout. eDiscovery and AI-SPM follow once the user base is large enough or the regulatory environment requires it. SASE and observability slot in where the network and platform programme has already standardised.
The pattern in enterprise rollouts is consistent. Identity first because access governance is non-negotiable — SSO and MFA through Okta or Microsoft Entra, lifecycle through SailPoint, just-in-time access where the team has matured. SIEM second because the security team needs Claude activity events flowing into their existing detection-and-response pipeline before they sign off on a wider rollout — CrowdStrike, Datadog, ReliaQuest, or Sumo Logic, depending on what the SOC already runs. DLP third because the moment users start uploading files and creating projects, the data-protection team needs to apply the same controls they already apply elsewhere — Microsoft Purview if the enterprise is M365-heavy, Netskope or Zscaler if it is SASE-led, Varonis or Forcepoint for data-centric programmes.
| Rollout phase | Integration category | Typical partners | What gets unlocked |
|---|---|---|---|
| Phase 1 — Access | Identity | Okta, SailPoint | SSO, MFA, joiner-mover-leaver controls, just-in-time access |
| Phase 2 — Visibility | SIEM / security operations | CrowdStrike, Datadog, ReliaQuest, Sumo Logic | Admin and login event stream into the SOC; detections; incident response |
| Phase 3 — Data control | DLP, data security | Microsoft Purview, Netskope, Zscaler, Varonis, Cyera, IBM Guardium | Sensitivity labels enforced on Claude content; exfiltration controls; DSPM coverage |
| Phase 4 — Investigations | eDiscovery and supervision | Relativity, Smarsh, Mimecast, Theta Lake | Claude content surfaces in legal hold, eDiscovery, archiving, supervision |
| Phase 5 — AI posture | AI-SPM, AI observability | Geordie AI, Wiz, Snyk, Cribl | Claude is visible inside the AI-SPM programme; telemetry routed through existing pipelines |
| Phase 6 — Network and edge | SASE | Cloudflare, Fortinet, Palo Alto Networks | Claude traffic governed at the network edge alongside the rest of SaaS |
The point is not to ship all six phases at once. The point is that the order is now buyer-controlled rather than vendor-imposed, and each phase unlocks the next set of seats.
How does the Claude Compliance API change AI security posture management (AI-SPM)?
The Claude Compliance API turns Claude into a first-class object inside an organisation's AI-SPM programme rather than a black box outside it. AI-SPM platforms — Geordie AI, Wiz (Google Cloud), Snyk — can now discover Claude usage, score posture against policy, attribute conversations and projects to users, and flag risky patterns the same way they do for other AI surfaces.
AI-SPM as a product category is barely two years old, and most platforms still organise their inventory around "shadow AI" — finding the AI services employees are using without IT's knowledge. The Compliance API moves Claude from "discovered shadow AI" to "governed first-party AI," and that changes what the AI-SPM tool can actually do. With activity events flowing through, the AI-SPM platform can see admin changes the moment they happen. With conversation content available where the customer chooses to expose it, the AI-SPM platform can apply prompt-injection detection, sensitive-data classification, and policy enforcement at the message level. With identity already federated through Okta or SailPoint, the AI-SPM platform can attribute every action to a person inside the joiner-mover-leaver lifecycle.
The honest tradeoff is that AI-SPM coverage depends on what the customer chooses to share. The Compliance API is the primitive; the customer still decides which conversations are forwarded to which tool. That is a feature, not a limitation — it keeps the trust boundary where it belongs and lets organisations apply different policies by data classification, region, or business unit.
Where does Claude's compliance posture still need human judgement?
Claude's compliance posture still needs human judgement at three places: policy design, exception handling, and red-team validation. The API and the partner ecosystem cover the plumbing. The work of deciding what "compliant Claude usage" actually means for a specific business — which data classes are allowed, which workflows require dual approval, which prompts should be flagged on detection — is still human work.
This is the part of the rollout where pilots stall and enterprises spend longer than they expected. The Compliance API gives the security team the ability to do the work. The work itself — writing the DLP policies, mapping the SIEM detections, designing the eDiscovery review workflow, calibrating the AI-SPM scoring rubric to the organisation's actual risk appetite — requires people who understand both Claude's behaviour and the enterprise's governance regime. That is the boundary an implementation partner sits on.
The other place human judgement matters is at the seam between Claude Enterprise and Claude Platform. Claude Enterprise carries the chat, project, and uploaded-file surface where most user activity happens. Claude Platform carries the API and developer-facing surface where engineering teams build on top of Claude. Both expose activity events through the Compliance API. The conversation-content surface on Claude Platform varies by deployment, and customers need to design which platform-side data flows through the same DLP and eDiscovery pipeline as enterprise-side chats. That is policy work, not configuration work.
What is the AI Heroes implementation pattern for Claude enterprise governance with the Compliance API?
The AI Heroes implementation pattern for Claude enterprise governance is a five-phase loop: pick four anchor partners covering identity, SIEM, DLP, and eDiscovery; wire the Compliance API connectors first as read-only feeds; codify the organisation's policies into the partner platforms; validate end-to-end with a tabletop incident response exercise; then expand into SASE, data security, AI-SPM, and observability once the first four are stable.
We treat the Compliance API rollout as an enterprise-architecture project, not an AI rollout. The model is already trustworthy enough for the rollout to begin; the limiting factor is the policy graph the customer needs to define and the partner stack they need to align. The benchmark we hold ourselves to is that after sixty days the security team can answer four questions cleanly: who used Claude this week, what content moved through it, which admin changes were made and by whom, and which conversations triggered policy alerts — all from the existing security tools rather than from a Claude-specific console.
The phases:
- Anchor partners. Choose one each for identity (typically Okta or SailPoint), SIEM (CrowdStrike, Datadog, ReliaQuest, or Sumo Logic depending on what the SOC runs), DLP (Microsoft Purview if M365-heavy, otherwise Netskope, Zscaler, or Varonis), and eDiscovery (Relativity for most legal-heavy enterprises, Smarsh or Mimecast for communications-heavy ones).
- Wire read-only. Set up the Compliance API connectors to feed activity events and conversation content into the four anchors. Do not enforce yet. Build visibility first so the team can see what is actually happening before they start blocking.
- Codify policies. Translate the organisation's existing acceptable-use, data-classification, and retention policies into the partner platforms — Purview labels, SIEM detection rules, eDiscovery hold templates, IAM access patterns.
- Tabletop validation. Run a controlled incident response exercise. Inject a simulated exfiltration event, an admin-takeover event, a DLP trigger, and a legal-hold request. Validate that each one surfaces in the right partner platform with the right metadata.
- Expand. Layer in SASE (Cloudflare, Fortinet, or Palo Alto Networks), data security (Cyera, IBM Guardium, Rubrik, or Varonis), AI-SPM (Geordie AI, Wiz, or Snyk), and AI observability (Cribl) once the first four are stable.
This is the discipline the Claude Compliance API rollout demands: anchor first, visibility before enforcement, policy as the durable IP, partners as the execution surface. The enterprises that get the most from the new partner ecosystem refuse to skip the policy codification step. The ones that fail are the ones that wire the integrations as a checkbox and then discover the SOC, the legal team, and the data protection officer have never agreed on what they were supposed to see.
Authoritative sources
- Anthropic: Claude now works with more security and compliance tools (the launch announcement, 21 May 2026)
- Anthropic: Claude Enterprise
- Anthropic: Claude Platform
- Anthropic Help Center (Compliance API documentation for Claude Enterprise and Claude Platform)
- Anthropic news: how our partners are putting Opus to work for cybersecurity (companion announcement on cybersecurity partners, 21 May 2026)
- Anthropic + Salesforce expanded partnership (the precedent for an LLM provider operating inside an enterprise SaaS trust boundary)
Related reading
- Anthropic's sales team on Claude Cowork: an AI-augmented sales-ops layer in practice
- Microsoft Copilot Cowork vs Claude Cowork: the borrowed brain
- Microsoft Copilot Cowork vs Claude Code: the two floors nobody automated
- Claude Cowork enterprise controls for UK payroll bureaus
- Claude Microsoft 365 connectors: now available on every Claude plan
- Claude managed agents for insurance brokerages
Frequently Asked Questions
Founder, AI Heroes
I build AI companies and the systems inside them. At AI Heroes, we give businesses the functional capacity to grow without the headcount growth normally demands — sales that follows up, marketing that runs, content that ships, ops that handles itself. We audit where you're leaving growth on the table, build the team that captures it, and hand it over completely.
I've built at scale before. Leading product and GTM at SlideSpeak AI (1M+ monthly users, profitable, bootstrapped). CPO at Disperse — the AI construction platform that went from 3 to 200+ people on $35M raised. I also co-founded LOBOMAR, a luxury fashion label featured in Elle, Cosmopolitan, and the LA Times, with shows at the London Design Museum, Wereldmuseum, and Amsterdam Fashion Week.
Related Articles
Microsoft Scout vs Claude Cowork: Autopilot or Delegation?
Two of 2026's biggest agent launches make opposite bets. Microsoft Scout is a desktop autopilot that runs in the background and acts on your behalf; Claude Cowork waits for you to hand it a task, then delivers. One is push, the other pull — here's which fits your team.
How to Get Started with Claude Cowork: A Decision Framework for Knowledge Workers (2026)
Claude Cowork is where you delegate a whole task instead of asking a question — point it at your files and apps, describe the outcome, get finished work. The hard part isn't the prompt, it's knowing which tasks to hand it. Here's a 5-signal fit test, the three shapes a Cowork task can take, and how to get your first deliverable in ten minutes.
How Claude Managed Agents Actually Work: Dreaming, Outcomes, Multiagent Orchestration, and Webhooks (2026)
Anthropic gave Claude Managed Agents four new mechanics at Code w/ Claude: Dreaming, Outcomes, Multiagent Orchestration, and Webhooks. The one that changes how you build is Outcomes — a separate grader that loops the agent until a rubric is met. Here is how each one works, and when to reach for it.