Cloudflare is expanding its Cloud Access Security Broker (CASB) service to include support for the Claude Compliance API. Security and compliance teams can now track how Claude is used directly from the Cloudflare dashboard, with no need for agents installed on endpoints.
Enterprise security teams have traditionally had difficulty monitoring user interactions with both authorized and unauthorized applications. The widespread use of AI tools has added new complexity. Employees now spend considerable time in these emerging digital spaces, engaging in activities that differ from conventional SaaS interactions—uploading files, typing unstructured text prompts, and receiving outputs that might contain confidential information.
Cloudflare CASB addresses this challenge. A single API connection provides out-of-band oversight and management over the apps your enterprise relies on. This integration builds on Cloudflare’s current AI governance features, extending protection to some of the most commonly used tools security teams oversee today.
A quick route to secure AI adoption
AI adoption has outpaced security governance. While IT and security teams raced to implement AI tools for productivity purposes, the necessary controls haven’t kept up. Many organizations currently operate with only limited visibility: they may block unauthorized AI applications at the network level, but can’t observe what’s happening within sanctioned ones.
This matters because AI tools differ significantly from traditional SaaS applications. They maintain conversations, store context, and integrate deeply into workflows through APIs and agent-based frameworks. An employee might paste client data into a prompt. A developer could unintentionally expose an API key and fail to rotate it for months. An AI tool might produce output containing proprietary company information. Each of these scenarios creates compliance risks that standard security tools can’t catch.
Organizations are quickly moving toward AI adoption, but securing these tools demands a different approach. They don’t merely consume data—they generate it, take actions based on it, and connect to multiple systems of record within a single workflow. Security must address the full lifecycle: from how an application calls an API, to the data it processes, to where that information is stored. Cloudflare provides the tools to cover every point in the workflow:
Cloudflare AI Gateway acts as a bridge between your applications and AI providers such as Anthropic, providing insight into requests, token usage, and model performance. This allows administrators to enforce rate limits, cache responses, and make granular routing decisions.
Cloudflare Gateway paired with Data Loss Prevention examines AI traffic for sensitive data, blocking prompts that contain customer personally identifiable information or confidential material before they reach the model.
Cloudflare Access integrated with MCP server portals consolidates agent connections to company tools behind a single secure access point. Administrators manage which users and agents can access which systems, and every request is recorded for audit purposes.
Cloudflare CASB now applies this unified approach to data stored within Claude, identifying misconfigurations and sensitive data without relying on endpoint agents.
These services work together on the same infrastructure, making each one both composable and programmable. Most importantly, traffic doesn’t need to route through multiple vendors or clouds to be safeguarded.
Improved insight and control with Cloudflare CASB
Cloudflare CASB enables organizations to connect to, scan, and monitor third-party SaaS applications for misconfigurations, improper data sharing, and other security threats through lightweight API integrations. Companies can restore oversight and management over their growing SaaS application portfolios.
As enterprises scale Claude deployments, security and compliance teams need the same level of visibility into Claude usage that they have for every other enterprise application in their environment. Anthropic recognized this gap and introduced the Claude Compliance API to give enterprises programmatic access to security-related data about their Claude organizations, workspaces, and usage patterns.
Cloudflare CASB now connects to this endpoint to surface actionable security findings—without requiring inline traffic inspection or installing agents on endpoints.
What the Claude Compliance API detects
Cloudflare One customers can now monitor Claude Enterprise activity using the detection and remediation workflows they already have in place. Cloudflare CASB connects to Claude via the Compliance API and scans for security findings.
As of today, Cloudflare supports security findings for the following asset types:
Projects: Identify projects shared across the organization or with select users and groups
Project attachments: Files and documents attached to projects that breach DLP policies
Chat files: User-uploaded or AI-generated files that breach DLP policies
Chat messages: User prompts and AI responses that breach DLP policies
Artifacts: AI-generated documents and files that breach DLP policies
These findings are displayed directly in the Cloudflare dashboard alongside posture and content findings from your other SaaS applications. Findings are grouped by category and sorted by severity level. Security teams can triage, assign, and remediate Claude-related risks using the same workflows they already use for Microsoft 365, Google Workspace, or Salesforce.
Support for Claude Enterprise and Claude Platform
For Claude Enterprise, CASB displays compliance details like organizations, projects, chats, and roles. It also pulls conversation data, including messages and uploaded files, using special read-only endpoints to help prevent data leaks.
For Claude Platform, CASB will keep tracking member and workspace updates, API key generation, and file creation or download activities. Support for the Activity Feed is coming soon.
CASB helps turn insights into action. For example, if a security issue is detected in Claude—like a user uploading files with sensitive information—you can set up a Gateway policy in just a few minutes. With Gateway, you can block file uploads to Claude for certain users, restrict full access to the app, or limit features until the problem is fixed. This approach helps security teams move from simply seeing issues to taking action by combining CASB findings with Cloudflare’s built-in policy engine.
To set up the Claude Compliance API integration:
Make sure you have a Claude Enterprise account.
Request access to the Compliance API from Claude for your organization.
In the Cloudflare dashboard, navigate to Zero Trust > Integrations > Cloud & SaaS.
Click Add Integration > Anthropic and enter your Compliance API key.
Set up DLP profiles if you want to scan uploaded files for sensitive data.
The integration starts scanning right away and shows results in the dashboard within minutes.
New Cloudflare customers can sign up and try their first two integrations at no cost. Existing customers can enable the integration directly from the dashboard.
We’re continuing to expand CASB support for AI tools as providers introduce new enterprise security APIs. We’re also enhancing CASB integrations so customers can create custom findings and build automated workflows to resolve security issues.
The move to agentic AI is underway, and we believe the best way to help organizations adopt it safely is by offering a unified platform to build, deploy, and manage agents. To stay informed, visit our developer documentation or subscribe for automatic updates.
