Enterprise AI, fully covered: Vega integrates with Anthropic's Claude Compliance API
Vega now integrates directly with Anthropic's Claude Compliance API, bringing Claude Enterprise activity into the same platform your security team already uses to investigate everything else.
The Compliance API tells you what happened inside Claude: who signed in, what changed, what key got created. You need that. What it doesn't tell you is what that identity did next - on the endpoint, the network, or anywhere else in the estate. That's the layer this integration closes.
Why we built it now
As enterprises rapidly adopt AI assistants, security teams need the same level of visibility into AI platforms that they already have across the rest of their technology stack. Today, we're excited to announce Vega's integration with the Anthropic Claude Compliance API, bringing Claude Enterprise activity directly into Vega for centralized security monitoring, investigation, and governance.
With this integration, security teams can investigate Claude activity alongside the rest of their security telemetry, without switching tools or maintaining separate workflows.
Claude adoption inside enterprises has outpaced the tooling built to watch it. Employees are creating API keys, changing roles, and connecting integrations inside Claude orgs every day, and none of that showed up in a SIEM, a CASB, or anywhere else a security analyst was already looking. We didn't want Vega customers choosing between adopting Claude quickly and keeping visibility into how it's used, so we built this integration to remove that trade-off.
What this looks like in practice
During an incident, a SOC analyst shouldn't have to open a separate Claude console to answer a basic question: who touched this Claude organization, when, and from where. With this integration, that becomes a query alongside everything else already in Vega - which identities signed in, what admin or role changes they made, and what IP and user agent the activity came from.
The same data answers a slower, standing question too. When a CISO or compliance owner needs to show what Claude usage looked like over the last quarter, it's a query against data that's already in the platform, sitting alongside the rest of the organization's audit story, rather than a request to pull an export from somewhere else.
.png)
This is one data source. The bigger bet is what it plugs into.
An audit log tells you what Claude decided. It doesn't tell you what happened after - the API call the agent made, the file it touched, the system it reached. Answering that requires seeing the whole estate at once, not just the model's own record of itself.
That's what Vega built the Security Analytics Mesh (SAM) to do: the first federated analytics engine fast enough to keep pace with frontier models and complete enough to see the entire estate, making it the operating system the agentic era runs on. SAM runs a single query across every legacy SIEM, data lake, and cloud source where the data already lives, returning normalized results in seconds - without ingestion, migration, or moving a byte of data. That's the unlock the AI era was missing: not the sliver of telemetry an enterprise could afford to centralize, but complete coverage of every source, queried in a single pass.
SAM exposes that engine through a single MCP, so Cyber Defense Engineers, Claude, and every agent can hunt, detect, triage, investigate, and tune across the whole estate through one interface, with no console required. Claude is the intelligence powering those agents in production. Vega's federated analytics gives that intelligence everything to reason over; judgment is what turns it into a verdict. A frontier model applied to a raw alert with no environment context, no institutional knowledge, and no domain judgment guesses - and in a SOC, a wrong guess isn't a metric, it's a breach.
The Claude Audit Log integration is one accessible data source in that mesh. It won't be the last. Learn more about how this shows up in real environments here.
Simple deployment, no agents required
The integration connects to Anthropic's Compliance API as a live data source, authenticating with a scoped, admin-issued API key rather than a deployed agent.
Within Claude, your primary owner creates a Compliance Access Key scoped to read:compliance_activities - Vega only reads the Activity Feed, never content. Drop that key into Connectors in Vega, and Claude activity shows up as a normalized data source, queryable alongside everything else, with nothing further to configure on either side.
This gap exists at every enterprise adopting Claude right now
Most security teams don't yet know how much Claude activity is happening inside their org without a corresponding line in their SIEM. The question isn't whether that activity is happening. It's whether you'd see it if it mattered.
Frequently asked questions
Does this replace the need for a broader security analytics layer?
No. This integration makes Claude's own activity queryable inside Vega. Seeing what happens after an agent acts - on the endpoint, network, or cloud - is a separate, bigger problem, which is what SAM is built to federate across.
What does Vega actually read from the Compliance API?
The Activity Feed, via a scoped read:compliance_activities key - sign-ins, admin and role changes, API key creation, IP and user agent. Vega does not request content read or delete scopes.
Does this require deploying an agent inside our Claude org?
No. It's a live data-source connection authenticated with an admin-issued API key, not a deployed agent.

.png)
.png)
.avif)

