Anthropic’s Claude has gone from "the AI tool a few teams were experimenting with" to mission-critical infrastructure:
-
Developers ship code with Claude Code.
-
Analysts build entire workflows on Claude Projects.
-
Platform teams run inference at scale through the Claude Platform.
But here's the uncomfortable question: Do you have the same security governance over Claude that you have over Slack, Google Workspace, or Salesforce? If the answer is "not yet" — this post is for you.
Netskope has built an integration with the Claude Compliance API, giving security and compliance teams visibility into Claude usage directly within the Netskope One Platform. This brings Claude Enterprise and Claude Platform activity under the same security umbrella as every other application in your stack.
No new tools. No separate dashboards. The same console your team already uses. Let me walk you through what this looks like — and more importantly, why it matters.
The Problem: AI Apps Are the New Shadow IT
When your workforce adopted Slack or Microsoft Teams, your security team had playbooks. You could enforce SSO, scan files with DLP, and audit who did what. But AI applications introduce a fundamentally different challenge:
-
Conversations contain business logic (Claude Enterprise): Unlike email, a Claude Enterprise chat might contain your entire architecture decision, proprietary algorithms, or customer PII — interleaved with AI responses.
-
Projects are knowledge bases (Claude Enterprise): Teams upload internal documents, code, and data into Claude Projects. A misconfigured project can expose sensitive context to an entire organization.
-
The platform surface area is massive (Claude Platform): API keys, workspaces, workspace members, roles, rate limits — Claude Platform is infrastructure that needs governance.
-
Behavioral signals matter (both products): A user bulk-deleting 20 chats in 10 minutes is not normal. An SSO connection being deactivated at 2 AM demands immediate attention.
The CASB Blindspot: Traditional CASB approaches that only monitor network traffic miss all of this. You need API-level visibility into what's happening inside Claude.
The scope differs significantly by product:
-
Claude Enterprise: Activity logs (user logins, admin actions, settings/configuration changes) and conversation content (chats, uploaded files, and projects) are retrievable via dedicated read endpoints.
-
Claude Platform: Admin API resource endpoints (organizations, users, workspaces, API keys, invites) and Compliance API activity logs. Note: Conversation content and model inference data are not available for Claude Platform.
What Netskope Delivers: Three Pillars of AI Security
Netskope's integration with Anthropic covers three distinct security capabilities, each addressing a different layer of risk.
Pillar 1: Asset & Identity Discovery
Before you can secure Claude, you need to know what's there. Netskope continuously inventories the resource graph across both Claude Enterprise and Claude Platform:
| Category | What We Discover |
| Organizations | Claude orgs, SSO/SCIM status, compliance API enablement, spend limits |
| Users & Groups | Identity inventory, role assignments, authentication methods, group memberships |
| Projects | Public vs. private classification, document/file counts, ownership |
| API Keys | Key type (Compliance, Admin, Workspace), scopes, age, creator, expiration |
| Workspaces | Inference region restrictions, member counts, archive status |
| MCP Servers | Model Context Protocol servers connected to Claude, tool counts |
| Integrations | GitHub repos, Google Drive folders connected to Claude |
| Roles & Permissions | Built-in and custom roles, permission sets, user/group assignments |
This is not a static snapshot. The integration continuously synchronizes via the Claude Compliance API, ensuring your inventory reflects the live state of your environment.
Pillar 2: Security Posture Management
Discovery is table stakes. The real value is continuous evaluation. Netskope ships 30+ predefined security rules that evaluate your Claude environment against security best practices and compliance frameworks.
A. Configuration-Based Posture Rules (Always-On Assessment)
Claude Enterprise Posture Rules
| Rule | Severity | What It Detects |
| Claude Code data sharing enabled | Critical | Code snippets sent to Anthropic for model training — IP leakage risk |
| Sharing chats using data connectors is not restricted | Critical | AI responses derived from connected data can be shared internally |
| SSO is not enforced | High | Users can bypass centralized authentication and MFA |
| IP access restriction not enabled | High | Console/API accessible from any network — credential compromise risk |
| Retention period for chat data is unlimited | High | Ever-growing repository of sensitive data with no cleanup |
| Session duration not shortened | High | Prolonged sessions increase hijacking risk |
| Members allowed to invite new users | High | Decentralized invitation authority bypasses vetting |
| Manually provisioned groups with high privileges | High | Groups outside IdP lifecycle — privilege drift risk |
| Project is publicly accessible | Medium | System prompts, knowledge base files exposed org-wide |
| Chrome extension restriction not configured | High | Extension can scrape any webpage content without an allowlist |
Claude Platform Posture Rules
| Rule | Severity | What It Detects |
| Unrestricted workspace inference region | High | API requests processed outside approved geographic boundaries |
| Orphaned API key (creator left org) | High | Active credentials with no owner — unauthorized access risk |
| Unscoped API key (default workspace) | Medium | Keys with broader access than intended |
| Unsafe general invite configuration | Low | Invites pending 30+ days or with overly long expiration |
B. Template Rules (Customizable to Your Org)
For policies that vary by organization, Netskope provides configurable templates:
-
User email domain validation: Flag users whose email doesn't match
@yourcompany.com -
API key expiration threshold: Alert when keys exceed your rotation policy (e.g.,
> 90 days) -
Monthly spend limit enforcement: Ensure per-user spend caps are configured
-
Unapproved model usage detection: Detect cost report entries for models not on your approved list
-
Admin invite lifecycle: Alert when admin invites are pending too long
C. Activity-Based Behavioral Rules (Real-Time Threat Detection)
Netskope evaluates the Activity Feed in real-time to detect anomalous behavioral patterns tuned to Claude-specific attack vectors:
| Rule | Severity | Detection Logic |
| SSO Configuration Tampering | Critical | SSO connection deactivated or deleted — immediate alert |
| Mass User Deletion | Critical | 10+ users deleted in 30 minutes |
| Compliance API Data Exfiltration | Critical | 100+ Compliance API accesses in 60 minutes from non-Netskope actor |
| Mass Project File Deletion | Critical | 100+ project file deletions in 5 minutes |
| Bulk Chat Deletion | High | 20+ chats deleted in 10 minutes |
| Bulk Project Deletion | High | 3+ projects deleted in 15 minutes |
| Admin API Key Rotation Storm | High | 5+ admin key operations in 15 minutes |
| Non-SSO Login | High | Login via magic link or social provider instead of SSO |
| MCP Server Mass Provisioning | High | 5+ MCP servers created in 30 minutes |
| Failed Login Brute Force | High | 10+ failed logins in 15 minutes for a single actor |
| Excessive File Uploads | Medium | 50+ files uploaded in 30 minutes |
| Excessive Data Export Requests | High | 5+ data export requests in 60 minutes |
These aren't generic rules — they're tuned to Claude-specific attack patterns. A sudden burst of Compliance API accesses from an unknown actor could indicate a leaked key being used for data exfiltration. An SSO configuration change is a single event that demands immediate investigation.
Pillar 3: Data Protection (DLP for Claude Enterprise Conversations)
Claude Enterprise conversations are repositories of sensitive data. Netskope extends its enterprise DLP engine to scan Claude Enterprise content natively:
-
What gets scanned (Claude Enterprise only): Chat messages (prompts & AI responses), uploaded files (PDFs, code, spreadsheets), artifacts, and project knowledge base files. (Note: Conversation content is not available via API for Claude Platform).
-
How it works: The same DLP policies you apply to Slack, Google Workspace, or M365 now seamlessly cover Claude Enterprise. If your policy flags SSNs, credit cards, or source code patterns, it works identically here.
-
Remediation: When a violation is detected, Netskope can alert the security team with full context or automatically remove the offending chat, file, or project document.
How It Works: Under the Hood
Important Clarification: Netskope built this integration; Anthropic provides the APIs. The integration provides visibility and monitoring — it does not control, restrict, or modify Claude's behavior natively. Remediation actions (like removing a chat) use the Claude Compliance API delete endpoints, which are available exclusively for Claude Enterprise.
Two Products, Distinct Capabilities
Netskope connects to Anthropic using two APIs and two auth methods, unlocking different features:
| Product | APIs Used | CASB (DLP / Remediation) | Security Posture | Activity-Based Rules |
| Claude Enterprise | Compliance API (Compliance Access Key) | Yes — conversation content scanning & file/chat/project remediation | Yes — org settings, users, groups, projects, roles, SSO, IP restrictions | Yes |
| Claude Platform | Admin API + Compliance API Activity Feed (Admin Key) | No — no conversation content available | Yes — organizations, users, workspaces, API keys, invites, cost reports | Yes |
Data Ingestion: Dual-Loop Architecture
Netskope uses a dual-loop pipeline to ensure comprehensive coverage:
-
Resource Importer: Periodically polls API listing and object endpoints to sync the resource graph. This creates authoritative, point-in-time snapshots of your users, projects, and workspaces.
-
Event Processor: Continuously polls the Compliance API Activity Feed (130+ event types across 14 domains). This catches resources that have no listing endpoint (e.g., MCP servers), setting changes, and real-time behavioral anomalies.
Setup: Five Minutes to Visibility
Onboarding takes three simple instance configurations:
1. Claude Enterprise — Security Posture
-
Navigate to Settings > Configure App Access > Next Gen > Security Posture.
-
Select Claude Enterprise, click Setup Instance.
-
Enter your Compliance Access Key, Admin Email, and desired scan interval.
-
Click Grant Access.
2. Claude Platform — Security Posture
-
Follow the same navigation path.
-
Select Claude Platform, click Setup Instance.
-
Enter your Admin Key and Claude Console Admin Email.
-
Click Grant Access.
3. Claude Enterprise — CASB API (for DLP)
-
Navigate to Settings > Configure App Access > Next Gen > CASB API.
-
Select Claude Enterprise, click Setup Instance.
-
Enter your Compliance Access Key.
-
Click Grant Access.
Within minutes, Netskope begins inventorying your Claude environment, evaluating security posture, scanning conversations for sensitive data, and monitoring the Activity Feed.
What This Means for Your Security Program
-
For Security Engineers: You can finally answer questions like: "Are there API keys created by people who've left the company?" or "What MCP servers have been connected to Claude, and by whom?"
-
For Compliance Teams: Posture findings map directly to compliance frameworks (GDPR, HIPAA, AICPA, NIST), providing continuous audit evidence rather than point-in-time assessments.
-
For SOC Analysts: Behavioral alerts integrate natively with your existing SIEM and alerting workflows. An SSO tampering event shows up in the exact same console where you handle every other incident.
-
For CISOs: Claude gets the same enterprise-grade security governance as your other critical SaaS applications. One platform. One policy set. One team. AI adoption doesn't have to mean security regression.
Closing Thought
The pace of AI adoption will not slow down. Your developers will use Claude Code. Your analysts will build Projects. Your platform teams will deploy workspaces. The question is not whether Claude is in your environment — it's whether you have visibility into it.
Netskope's integration with the Claude Compliance API ensures that as Claude usage scales, your security posture scales with it.
See a walkthrough of the integration in the demo video here
Discover your environment. Evaluate continuously. Protect what matters.
Availability: This integration is available in private preview for Netskope and Anthropic customers using Anthropic-hosted Claude Enterprise and Claude Platform deployments. To get started, reach out to your Netskope representative or visit the Netskope documentation for setup instructions.
