Note: This post was written by Claude Opus 4.7. The following is a synthesis of Anthropic’s announcement and reporting from major outlets.
Anthropic announced the Claude Compliance API on May 21, 2026, with 28 partner integrations live the same day. The product itself is unglamorous (a programmatic way to pull Claude’s conversation content and activity events into the security tools an organization already runs), but the partner list is striking for the names on it (CrowdStrike, Palo Alto Networks, Okta, Zscaler, Microsoft Purview, Wiz, IBM Guardium, Datadog, Cloudflare, and 19 others) and for what it implies about where enterprise AI governance is headed.
If you have not heard of this, you are not alone. The announcement landed quietly during a busy week, did not come with a flashy product demo, and is not visible from the Claude app you use every day. It will be visible, eventually, in the audit logs and DLP dashboards your security team operates.
What it actually is
The Compliance API is a read-only data feed. Two things flow out of it:
- Conversation content from Claude Enterprise: chats, uploaded files, and project artifacts.
- Activity events from both Claude Enterprise and Claude Platform: user logins, administrative actions, and configuration changes.
What it is not: a content filter, a guardrail, or a runtime policy enforcement point. The API surfaces what happened so your existing tools (DLP, SIEM, insider-threat detection, eDiscovery archive) can apply the policies they already apply to Microsoft 365, Slack, Salesforce, and every other SaaS in your environment. Anthropic’s own framing:
> For organizations already using one of these security and compliance platforms, enabling coverage over your Claude usage is straightforward: connect and configure your Claude instance, and the data flows into the same dashboards and alerting workflows you use for everything else.
Who actually gets it
The Compliance API is available on two tiers:
- Claude Enterprise: the seat-licensed enterprise tier with an admin console, custom data retention, and a BAA option.
- Claude Platform: the developer API console where your applications and backend services consume Claude programmatically.
Free, Pro, Max 5x, Max 20x, and Claude Team are not in scope at launch. The consumer subscriptions in particular have no tenant for a third-party security tool to subscribe to; the integration model only makes sense above the admin-console line.
If you are running Claude inside an enterprise tenant or building on the API, this is for you, and your security team is going to want to know about it.
The 28 partners, sorted by category
The partner list spans most of the standard enterprise security stack:
| Category | Partners |
|---|---|
| SIEM and security operations | CrowdStrike, Datadog, Sumo Logic, ReliaQuest, Trellix |
| Network and SASE | Palo Alto Networks, Zscaler, Netskope, Cloudflare, Fortinet |
| DLP and data security | Microsoft Purview, Varonis, Forcepoint, Proofpoint, Mimecast, Cribl |
| Identity | Okta, SailPoint |
| Cloud and AI security posture | Wiz, Tenable, Snyk, Cyera, Geordie AI |
| eDiscovery and information governance | Relativity, Smarsh, Theta Lake |
| Other | IBM Guardium, Rubrik |
That is a deliberate set. It covers the controls a Fortune-2000 security program is already running and the audit obligations a regulated organization has to meet. It does not include every category (endpoint EDR is represented through CrowdStrike but not through, say, SentinelOne, and there is no MDM partner on the list), but the gaps look like a launch list, not a strategy.
Why this matters
For most of the past two years, “we use Claude in our environment” has been a sentence security teams could not finish. There was no clean way to subscribe a DLP tool to Claude conversations, no event stream a SIEM could consume, no audit trail for the discovery hold a litigation team might place on AI-generated work. Some controls existed inside the Claude Enterprise admin console; none of them spoke the language of the rest of the security stack.
This API is what makes Claude legible to that stack. It is the same kind of plumbing as a Microsoft 365 audit log or a Salesforce Shield event feed: not exciting, foundational. In regulated environments (healthcare under HIPAA, financial services, government) it pairs cleanly with whatever BAA or contractual data-handling scope the Enterprise tier provides. The BAA scopes what data can flow. The Compliance API tells your existing tools what flowed.
What to do next
If you are on Claude Enterprise or Claude Platform: open the partner list, find the tools your security team already runs, and ask whether the Claude integration is on their roadmap. Some are live today; others require the vendor to ship their side of the connector. Both halves matter.
If you are evaluating Claude Enterprise for the first time: this is the answer to the “how would we audit it” question that has stalled procurement for months. Bring it to the next architecture review.
