Anthropic just shipped a Compliance API for Claude Platform organizations that gives security teams programmatic access to audit logs - who did what, when, and from where.
The API covers two categories of activity. Admin events include things like adding workspace members, creating API keys, changing account settings, and login/logout tracking. Resource events cover file creation, downloads, deletions, and skill modifications. You can filter logs by time range, specific users, or individual API keys.
One notable gap: the API does not log actual conversations with Claude. You can see that someone created an API key at 2:15 PM, but not what they asked the model afterward. For organizations that need conversation monitoring, that's a separate problem.
The target audience is clear - regulated industries like finance, healthcare, and legal where audit trails aren't optional. Organizations running both Claude Platform and Claude Enterprise can pull logs from a single consolidated feed, which simplifies compliance reporting.
There are two practical limitations to know about. First, logging only starts when you enable the API - there's no backfill of historical activity. Second, you need to contact Anthropic's account team to get it turned on; this isn't a self-serve toggle. You'll also need admin-level API keys to query the endpoint.
This is table-stakes functionality for enterprise sales. Competitors like OpenAI and Google already offer similar audit capabilities, so this is Anthropic catching up rather than breaking new ground. But for teams that have been waiting on this before they could deploy Claude in regulated environments, it removes a real blocker.