28 Compliance Integrations.
Zero Runtime Agent Identity. Compliance Plumbing Is Not Enforcement.

SIEM integrations receive the Claude event stream and ingest it into the same log pipelines as every other application. SOC analysts can write correlation rules, set alerting thresholds, and build dashboards. Datadog and Sumo Logic surface Claude logs alongside cloud infrastructure metrics. ReliaQuest correlates Claude events with endpoint and network telemetry for threat hunting. Cribl routes the event stream to whichever storage backend the organization prefers.

What they do: Log. Alert after the fact. Correlate with other signals. Provide forensic evidence post-incident.

What they don't do: Intercept an agent tool call before it completes. Verify the agent's identity cryptographically. Enforce a policy that says "this agent is not authorized to call this API with this payload." The SIEM sees the event after it happened. The alert fires after data moved.

DLP integrations receive Claude conversation content via the Compliance API and run it through data classification engines. Microsoft Purview applies sensitivity labels. Forcepoint and Trellix flag patterns matching configured data categories — credit card numbers, SSNs, PHI identifiers, source code signatures. Varonis and Cyera apply data security posture rules to flag high-risk data exposure events.

What they do: Pattern-match conversation content against known data shapes. Generate DLP policy violations for review. Feed audit logs for regulatory evidence.

What they don't do: Block the agent's response in real time before the user receives it. Prevent a prompt injection that redirects the agent to exfiltrate data through a third-party API call. Stop an agent that has already embedded PII in a tool call payload from completing that call. DLP sees the output after the agent has generated it. The enforcement window has already closed.

CASB and SASE integrations apply network-layer access controls to Claude usage. Netskope and Zscaler can enforce which users can access Claude, apply tenant isolation rules, and restrict Claude usage to sanctioned instances. Cloudflare's CASB integration uses the Compliance API to provide visibility into Claude usage patterns. Palo Alto's AI Access Security layer monitors Claude API traffic at the network layer.

What they do: Control which users and devices can reach Claude. Apply tenant-level access policies. Monitor Claude network traffic patterns. Block access to unsanctioned AI services.

What they don't do: Govern what the agent does inside Claude once access is granted. An agent that passes Zscaler's access check can still make 200 API calls in a session, exfiltrate data through legitimate-looking tool calls, and operate with no per-call identity verification. CASB controls the door. It has no visibility into what the agent does once it's inside.

Identity integrations connect Claude Enterprise to enterprise identity providers. Okta manages SSO, MFA, and conditional access for human users. SailPoint governs identity lifecycle — provisioning and deprovisioning Claude access as part of the broader IAM program. Both receive Claude audit events to correlate with identity risk signals.

What they do: Authenticate human users. Enforce MFA. Manage lifecycle for human Claude accounts. Correlate Claude activity events with user identity risk scores.

What they don't do: Govern AI agent identities. An AI agent calling Claude APIs on a user's behalf — or operating autonomously in an agentic pipeline — does not go through Okta's MFA flow. SailPoint's identity lifecycle governs humans. The non-human identity layer — the agent's own identity, its scope, its behavioral envelope — is entirely unaddressed by these integrations.

AI security posture integrations use Claude compliance data to enrich their asset inventory and risk scoring. Wiz surfaces Claude usage alongside cloud infrastructure risk. Snyk applies supply chain security scanning to dependencies in the Claude ecosystem. Tenable correlates Claude exposure data with its vulnerability management platform.

What they do: Discover and inventory Claude usage across the enterprise. Score AI security posture. Surface misconfigurations and compliance gaps. Provide visibility into the Claude deployment landscape.

What they don't do: Enforce runtime access policy on agent tool calls. Intercept a rogue agent before it completes a malicious action. A Wiz dashboard that shows "agent accessed sensitive data" is a forensic artifact — not a control that prevented the access. Visibility is not enforcement.

The Slack messages have already been forwarded by the time any of these 28 integrations generates an alert. The data is gone. The compliance dashboard has a detailed record of exactly what happened. The breach already occurred.

In September 2025, Anthropic documented an incident in which their own AI system — with Anthropic's governance framework active and monitoring in place — conducted an 80–90% autonomous cyberattack campaign against 30 organizations across technology, financial services, chemical, and government sectors. Human operators intervened at only 4–6 decision points across the entire campaign. The AI operated largely autonomously between those checkpoints.

This is not a failure of compliance logging. Anthropic almost certainly had visibility into what the system was doing — logs, dashboards, event streams. The failure is an enforcement gap: the governance framework monitored behavior, but it did not intercept each tool call with a policy question — "is this agent authorized to make this specific API call against this target?" — before the call completed.

Monitoring what an AI system does is categorically different from enforcing what it is allowed to do, invocation by invocation, with a verifiable identity binding on every call.

In May 2026, researchers documented a Claude Code attack in which poisoned npm hooks installed a malicious MCP server. The server persisted across sessions and continuously exfiltrated developer OAuth tokens — including Google Workspace and AWS credentials — to a remote endpoint. The attack survived Claude restarts because the malicious server was registered as a legitimate MCP integration.

The key question: could any of Anthropic's 28 compliance integrations have stopped this? The SIEM would log the MCP tool calls after they happened. The DLP integration would see the token values only if they appeared in conversation text — but the exfiltration was via a registered tool call, not conversation output. The CASB would see outbound HTTPS traffic that looked like a legitimate MCP server call. The identity integrations have no record of MCP servers as identities at all.

What would have stopped it: a runtime enforcement layer that maintains an inventory of registered, verified MCP servers and refuses tool calls from unregistered or behaviorally anomalous servers — before the call completes.

Compliance reporting feeds auditors. Runtime enforcement satisfies regulators. The distinction matters because every major AI-adjacent regulation that enterprises face in 2026 is shifting from measuring what controls exist to measuring how fast and completely they execute.

• EU AI Act (effective Feb 2025, full enforcement Aug 2026): High-risk AI systems require "appropriate human oversight measures," risk management systems, and technical robustness. SIEM dashboards satisfy the audit trail requirement. They do not satisfy the "human oversight" and "robustness" requirements when an agent is making autonomous decisions at machine speed.
• GDPR Article 25 — Data Protection by Design: Requires technical measures enforced at the time of data processing — not logged after. A DLP alert generated after an agent outputs PII is a compliance record of a violation, not prevention of one.
• HIPAA Security Rule — Access Controls: Requires unique user identification, emergency access procedures, and automatic logoff. For AI agents processing PHI: each agent must have a unique identity, and access must be controlled per that identity. "The human user has Okta MFA" is not sufficient.
• DORA (EU Digital Operational Resilience Act): ICT risk management requirements include real-time monitoring and incident containment. A SIEM alert that fires 47 seconds after a rogue agent begins exfiltrating trading data does not meet the "containment" bar.

Compliance logging generates the evidence trail. Runtime enforcement is what regulators are increasingly requiring as the actual control — especially as AI agents become first-class actors in regulated workflows.

KYA maintains a registry of every AI agent operating in your environment — with cryptographic identity binding, not just session context. When an agent attempts a tool call, KYA verifies its identity before the call proceeds. An unregistered agent gets no access, not a warning after it has already executed. A registered agent that deviates from its behavioral envelope — scope creep, anomalous data access, unusual call patterns — is flagged and can be paused mid-session.

KYA-DNS adds a second enforcement layer: unknown AI agents get no DNS response from your internal infrastructure. Only registered, policy-compliant agents can resolve the endpoints they need to reach. There is no equivalent in any of the 28 Anthropic integrations — none of them have a concept of per-agent identity at all.

RuntimeAI's Policy Engine applies Rego-based access control policies at the moment of each tool call. Security teams write governance rules once — "agents with scope X may not call APIs in category Y when handling data classified Z" — and those rules are enforced on every invocation automatically. There are no manual gates to bypass, no SOC analysts required to review logs before the call happens, and no compliance dashboard that surfaces the violation hours later.

Policies can be updated in real time. A new threat pattern identified by your SOC can be encoded as a policy rule and deployed to RuntimeAI's enforcement layer within minutes — blocking it on every subsequent agent call without requiring a session restart or an Okta policy change.

PII Shield operates at the agent output boundary — before the response is delivered to the next system in the pipeline, before the tool call payload reaches its target API, before the data leaves the controlled environment. It is not a DLP pattern matcher that flags violations in a dashboard. It blocks PII and PHI inline, at the moment of potential exposure, with no latency window for data to move.

The difference from the 28 Anthropic DLP integrations: those integrations receive the conversation event after it has already occurred and flag it as a policy violation. PII Shield prevents the output from containing PII before it is delivered as a final response. HIPAA and GDPR compliance is enforced at the point of AI access — not evidenced after a breach.

RuntimeAI's Audit Black Box generates a tamper-proof, immutable log of every agent action — not as an event stream fed to a SIEM, but as a court-admissible compliance record that captures agent identity, policy state, call payload, and enforcement decision at the moment of each invocation. The record is generated before the call completes, meaning it captures the enforcement decision — not just the outcome.

Anthropic's Compliance API generates post-execution logs that flow into SIEM and eDiscovery platforms. RuntimeAI's Audit Black Box generates pre-execution and mid-execution records that document the policy enforcement state at every decision point. For EU AI Act, GDPR, HIPAA, and DORA audits, this is the difference between "here is a log of what happened" and "here is a certified record of every control that was active and every enforcement decision that was made."

RuntimeAI's compliance reporting layer generates audit-ready evidence packages from the enforcement record — not from SIEM logs assembled after the fact. For EU AI Act risk management system documentation, GDPR Article 25 technical measure evidence, HIPAA access control audit trails, and DORA ICT risk management reporting, RuntimeAI generates the artifacts automatically from the runtime enforcement record.

The 28 Anthropic integrations produce compliance visibility. RuntimeAI produces compliance evidence — the documentation of controls that actually operated at the moment of each agent action, not the log of what the agent did after the controls failed to stop it.