
Aegis Preflight for Claude Enterprise

Read-only integration with the Claude Compliance API. Aegis turns Claude Enterprise activity and conversation data into auditor-ready evidence packs aligned with SOC 2, HIPAA, ISO 42001, and GDPR controls — detecting PII, PHI, financial data, API secrets, and your team-defined sensitive patterns across chats, files, and projects, with team-level attribution and an immutable audit trail.

This connector is post-hoc and read-only. Pre-send blocking on the user's device is provided by the Aegis desktop agent and SDK — separate products that complement this integration. See What this integration covers below for the full split.


What you'll need

Claude plan: Claude Enterprise (self-serve or sales-assisted). The Compliance API is not available on Team or Pro.
Anthropic role: Primary Owner on the Enterprise org (required to enable the Compliance API and create access keys).
Aegis plan: Any paid tier with an active team.
Time to first scan: About ten minutes.

What this integration covers

The Compliance API has a specific scope. Aegis's other surfaces cover the rest. The table below makes the split explicit so security and compliance teams know exactly where each control lives.

| Surface | What's covered | Aegis product |
|---|---|---|
| Claude Enterprise — chats, files, projects | Post-hoc evidence: every chat, file, and project becomes a row in the audit trail with PII/PHI/secrets findings attached. | This integration (Compliance API) |
| Claude Enterprise — activity events | Logins, key creation, admin actions, configuration changes. Drives access-review and SOC 2 logical-access evidence. | This integration (Compliance API) |
| Claude Enterprise — pre-send blocking on the user's device | Real-time prevention before the prompt ever leaves the laptop. | Aegis desktop agent |
| Claude Platform (API) — inference content | Prompts and completions sent through the API. Scan before the API call leaves your service. | Aegis SDK (Anthropic wrapper) |
| Claude on AWS Bedrock or GCP Vertex AI | Out of scope of the Compliance API; coverage requires direct integration on the inference path. | Aegis SDK + REST API |
| Other LLMs (ChatGPT, Gemini, Copilot, OSS models) | Out of scope of the Compliance API. | Aegis desktop agent + SDK |

Most Compliance API integrations on the market stop at the first two rows. Aegis covers all six on the same rules engine, with a single audit trail and one evidence-pack output.


1. Enable the Compliance API in claude.ai

In claude.ai, signed in as Primary Owner:

  1. Organization settings → API → Compliance API
  2. Click Enable.
  3. Accept the data-access acknowledgment.

This unlocks the Compliance Access Key creation surface.

Why Primary Owner

Anthropic restricts Compliance API enablement to the Primary Owner role. If you are not the Primary Owner, ask your Anthropic administrator to enable it once; subsequent key creation can be delegated to other admins.


2. Create a Compliance Access Key

Still in Organization settings → API → Compliance API:

  1. Click + Create key.
  2. Name it aegis-preflight-prod (or any name you'll recognize in audit logs).
  3. Grant the following scopes:
    • read:compliance_activities — required for the activity feed
    • read:compliance_chats — required for chat content scanning
    • read:compliance_files — required for file content scanning
  4. Copy the key value. Anthropic shows it once. If you lose it, revoke and create a new one.

3. Paste the key into Aegis

In the Aegis dashboard:

  1. Settings → Integrations → Claude Enterprise → Connect
  2. Paste the Compliance Access Key.
  3. Click Test connection. Aegis calls GET /v1/compliance/activities?limit=1 and confirms the key works.
  4. Click Save.

The key is encrypted at rest in AWS Secrets Manager, never returned through any Aegis API or UI surface, and never written to application logs. Rotate at any time from the same screen.


4. First scan and first evidence pack

Within five minutes of saving the key, the Aegis polling worker runs its first iteration and ingests activity events on the starting_after cursor (100 records per page). Activity events of type claude_chat_created, claude_chat_updated, claude_file_uploaded, and claude_project_created trigger on-demand content fetches against the chat and file endpoints, which are then scanned by the Aegis detection engine.

To verify findings are flowing:

  1. Activity → Filter → Source: Claude Enterprise
  2. Events with timestamps from the last few minutes should appear.
  3. Click any event flagged with PII or PHI to inspect the detection detail.

Once data has accrued (typically 24 hours for a meaningful auditor-ready first cut):

  1. Audit → Evidence Pack → Claude Enterprise → Generate PDF
  2. Pick the control framework (SOC 2, HIPAA, ISO 42001, GDPR) and reporting window.
  3. Export. Hand to your auditor.

What Aegis pulls from the Compliance API

| Endpoint | When | Why |
|---|---|---|
| GET /v1/compliance/activities | Every 5 minutes per tenant | Drives the audit trail. Cursors checkpointed per team; idempotent on retry. |
| GET /v1/compliance/chats/{id} | On-demand, triggered by chat activity events | Content scanning for PII, PHI, secrets, financial data, customer-defined patterns. |
| GET /v1/compliance/files/{id} | On-demand, triggered by file upload events | File content scanning. |

Aegis does not bulk-synchronize content. Content endpoints are called only when an activity event matches a customer-configured rule (for example, a chat created in a project marked sensitive). This keeps request volume well below the 600 RPM per-parent-org rate limit and minimizes the amount of customer data accessed and stored.


Data handling and content retention

The Compliance API returns raw conversation content — user prompts, Claude responses, and uploaded file bytes. By design, Aegis processes that content with the smallest possible footprint.

Default behavior (every customer)

  • Chat and file content is fetched into worker memory only, scanned by the detection engine, then discarded. Raw prompt text and file bytes are not persisted to any Aegis datastore.
  • What Aegis stores per event: finding records (count, type, position offsets, optional redacted snippet for context), activity metadata (actor, timestamp, event type), the policy decision, and Anthropic IDs for cross-reference. Never the full prompt.
  • Detection runs in the same process that fetched the content; the raw payload never crosses a service boundary inside Aegis.

Opt-in: full-content retention

Customers with eDiscovery, internal-investigation, or supervision requirements (HIPAA breach forensics, financial-services supervision, legal hold) can opt into retaining the full chat and file content inside the Aegis tenant. Disabled by default; toggled per-team in Settings → Integrations → Claude Enterprise → Retention with a configurable TTL.

Why this matters

Forwarding every Claude chat to a SIEM, archive, or external dashboard creates additional copies of customer data outside Anthropic — a real exposure risk under data-minimization regimes (GDPR Article 5(1)(c), HIPAA Minimum Necessary, ISO 27001 A.8.2.3). Aegis's findings-only default keeps the secondary copy ephemeral: content exists for the duration of a scan (seconds) and is then garbage-collected. The audit trail and evidence packs remain complete; the standing data exposure is bounded.


How findings appear

Every Claude activity event becomes a row in the Aegis audit trail with source = "claude_compliance_api". When content is fetched and scanned, the row is enriched with:

  • findings — per-type counts (EMAIL, PHONE, SSN, CREDIT_CARD, API_SECRET, IBAN, PHI_KEYWORD, plus any customer-defined kinds)
  • decision — ALLOWED, ALLOWED_WITH_MASKING, or BLOCKED according to your team rules
  • policy_id — which team rule the event matched
  • claude_activity_id, claude_chat_id, claude_file_id — IDs for cross-reference back to Anthropic

Findings surface in the Aegis dashboard alongside findings from your other Aegis surfaces, so security and compliance teams get one view across every channel where regulated data moves.
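The findings-only storage described under Default behavior, and the row fields listed under How findings appear, as an added Python example that is not Aegis's own code: content is scanned in memory and the audit row carries only per-type counts, offsets, a redacted snippet, the decision and the Anthropic IDs. The detector patterns, the `block_types`/`mask_types` rule shape, and the sample content and event are constructed assumptions.

```python
import re
from collections import Counter
# Constructed detectors for three of the finding kinds the page lists (EMAIL, SSN, CREDIT_CARD).
# The patterns are illustrative, not Aegis's production rules.
DETECTORS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "CREDIT_CARD": re.compile(r"\b(?:\d[ -]?){13,19}\b"),
}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so CREDIT_CARD does not fire on arbitrary 13-19 digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def redact(text: str) -> str:
    """Snippet kept for auditor context: everything but the last four characters masked."""
    return "*" * (len(text) - 4) + text[-4:]

def scan(content: str) -> list:
    """Finding records as the page lists them: type, position offsets, redacted snippet."""
    records = []
    for kind, pattern in DETECTORS.items():
        for m in pattern.finditer(content):
            if kind == "CREDIT_CARD" and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue
            records.append({"type": kind, "offset": m.start(), "length": m.end() - m.start(),
                            "snippet": redact(m.group())})
    return sorted(records, key=lambda r: r["offset"])

def audit_row(content: str, event: dict, policy: dict) -> dict:
    """Build the audit-trail row; `content` lives only in this frame and is never copied into it."""
    records = scan(content)
    counts = dict(Counter(r["type"] for r in records))   # per-type counts, as in the `findings` field
    kinds = set(counts)
    decision = ("BLOCKED" if kinds & policy["block_types"]
                else "ALLOWED_WITH_MASKING" if kinds & policy["mask_types"] else "ALLOWED")
    return {"source": "claude_compliance_api", "actor": event["actor"], "timestamp": event["timestamp"],
            "event_type": event["type"], "claude_activity_id": event["activity_id"],
            "claude_chat_id": event["chat_id"], "findings": counts, "finding_records": records,
            "decision": decision, "policy_id": policy["policy_id"]}
# Constructed sample input, event metadata and team rule (not real data).
SAMPLE_CONTENT = "Patient SSN 123-45-6789, email jane.doe@example.com, card 4111 1111 1111 1111."
SAMPLE_EVENT = {"actor": "u_example", "timestamp": "2024-01-01T00:00:00Z", "type": "claude_chat_created",
                "activity_id": "act_example", "chat_id": "chat_example"}
SAMPLE_POLICY = {"policy_id": "team-rule-example", "block_types": {"SSN"}, "mask_types": {"EMAIL", "CREDIT_CARD"}}
```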


Evidence packs by control framework

Aegis generates an evidence pack per compliance program. Each pack includes a coversheet, the controls mapped, the supporting events, and an auditor-readable narrative.

| Framework | Sections covered |
|---|---|
| SOC 2 | CC6 Logical Access (Claude user/role activity, key rotation history), CC7 System Operations (content-access events, anomalous-use detections) |
| HIPAA | 164.312 Audit Controls — PHI detection events, masking decisions, blocked actions; 164.308 administrative safeguards — access reviews |
| ISO 42001 | AI Management System — AI usage inventory, sensitive-data flows, governance attestations |
| GDPR | Article 30 Records of Processing — personal data processed via Claude, lawful basis, retention disposition |

If you have the Vanta or Drata connector wired up, evidence flows directly into those control libraries instead of (or alongside) the PDF export.


Polling, rate limits, and backoff

Aegis polls the Activity Feed every five minutes per tenant with the starting_after cursor, 100 records per page. Cursors are checkpointed after every successful page, and ingestion is idempotent on retry, so a worker crash or a 429 response resumes from the last fully-processed page with no gaps and no duplicate rows in the audit trail.

On 429 Too Many Requests, Aegis honors the Retry-After header when present, otherwise applies exponential backoff starting at one second and capped at sixty seconds. Per-tenant requests are serialized so a busy customer cannot exhaust the 600-RPM-per-parent-org shared budget.
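The cursor checkpointing, 429 handling and per-tenant serialization described above, as an added Python example that is not Aegis's worker code. The endpoint, the `starting_after` cursor, the 100-record page, the Retry-After / one-to-sixty-second backoff and the request-id header come from this page; the response body shape (`data`, `has_more`, per-event `id`) and the injected `fetch` callable are assumptions so the loop runs offline.

```python
import threading
import time
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass
class Response:
    status: int                                  # HTTP status code
    headers: dict = field(default_factory=dict)  # e.g. Retry-After, request-id
    body: dict = field(default_factory=dict)     # assumed shape: {"data": [{"id": ...}], "has_more": bool}

def backoff_delay(attempt: int, retry_after: Optional[str]) -> float:
    """Retry-After wins when present; otherwise exponential backoff 1s, 2s, 4s ... capped at 60s."""
    if retry_after is not None:
        return float(retry_after)
    return min(60.0, float(2 ** attempt))

@dataclass
class ActivityPoller:
    fetch: Callable[[dict], Response]            # issues GET /v1/compliance/activities?<params>
    checkpoint: dict                             # persisted per-tenant cursor {"starting_after": id}
    sleep: Callable[[float], None] = time.sleep
    lock: threading.Lock = field(default_factory=threading.Lock)  # serializes one tenant's calls
    processed: list = field(default_factory=list)

    def run_once(self, max_attempts: int = 6) -> int:
        """One polling iteration: page forward from the checkpoint until has_more is false."""
        pages, attempt = 0, 0
        with self.lock:
            while True:
                params = {"limit": 100}
                if self.checkpoint.get("starting_after"):
                    params["starting_after"] = self.checkpoint["starting_after"]
                resp = self.fetch(params)
                if resp.status == 429:
                    if attempt >= max_attempts:
                        raise RuntimeError("still rate limited; next iteration resumes from checkpoint")
                    self.sleep(backoff_delay(attempt, resp.headers.get("Retry-After")))
                    attempt += 1
                    continue  # cursor untouched, so the same page is re-requested
                if resp.status != 200:  # surface request-id: it is what Anthropic support traces by
                    raise RuntimeError(f"HTTP {resp.status}; request-id={resp.headers.get('request-id')}")
                attempt = 0
                events = resp.body.get("data", [])
                for event in events:
                    self.processed.append(event["id"])  # hand-off to the detection pipeline goes here
                if events:  # checkpoint only after the whole page is processed
                    self.checkpoint["starting_after"] = events[-1]["id"]
                pages += 1
                if not resp.body.get("has_more"):
                    return pages
```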


Revoking access

To disconnect Aegis from a Claude Enterprise tenant:

  1. In Aegis: Settings → Integrations → Claude Enterprise → Disconnect. The key is removed from Aegis storage; historic findings remain in the audit trail (immutable by design).
  2. In claude.ai: Organization settings → API → Compliance API → revoke the aegis-preflight-prod key. This ensures Aegis cannot call the API again even if the key value were retained anywhere else.

Always do both steps. Aegis-side disconnect alone does not revoke the key on the Anthropic side.


Frequently asked

Does this integration block data being sent to Claude?

No. The Compliance API is post-hoc — it returns chats and files after they have been created. Pre-send blocking on the user's device is provided by the Aegis desktop agent. Pre-send blocking on API calls is provided by the Aegis SDK Anthropic wrapper. This integration is for visibility, audit evidence, and policy attribution after the fact.

Does this cover Claude on AWS Bedrock or GCP Vertex AI?

No. The Compliance API covers Claude Enterprise (claude.ai) and the Claude Platform. Claude usage on third-party clouds is out of scope for this integration; use the Aegis SDK on the inference path instead.

Does this cover model inference content on the Claude Platform (API)?

The Compliance API exposes activity events for Claude Platform but does not expose inference content (prompts and completions sent through the API). For Platform-side inference content scanning, use the Aegis SDK Anthropic wrapper, which scans prompts before they leave your application.

What's the latency between a Claude chat and an Aegis finding?

Up to five minutes — the polling interval. We're tracking webhook support from Anthropic, which would reduce this to seconds when available.

How is the Compliance Access Key stored?

AWS Secrets Manager, KMS-encrypted, customer-isolated, never returned through any Aegis API or UI surface, never written to application logs. Access is restricted by IAM to the integration worker role, with all access logged to CloudTrail.

Does Aegis store the Claude conversation content it fetches?

Not by default. See Data handling and content retention above for the full policy. Customers with eDiscovery, internal-investigation, or supervision requirements can opt into full-content retention per-team in Aegis admin.


Need help?

Email [email protected] with your team ID and the approximate timestamp of the issue. For Compliance API-specific errors (4xx or 5xx from Anthropic), include the request-id header from the response — Anthropic's support team uses it to trace the call.