New product integrations bring data protection, insider risk detection, and governance into Claude Enterprise and Claude Platform activity
For most of the past decade, enterprise security programs were built around a reasonably stable assumption: the things that needed governing were done by people. People sent emails, accessed sensitive files, triggered workflows, and made decisions. The security and compliance infrastructure built around that assumption, the DLP policies, the insider risk models, and the communications governance frameworks reflected it at every layer.
That assumption no longer holds. AI agents are reading files, drafting communications, influencing decisions, and triggering the same workflows that human employees do, often with access to the same sensitive data and systems. Proofpoint’s integration with Anthropic’s Claude Compliance API is an attempt to bring that activity inside the governance perimeter that enterprises already run, rather than managing it through a separate stack that nobody has the bandwidth to maintain.
The Gap the Integration Is Closing
Proofpoint’s 2026 AI and Human Risk Landscape Report found that nearly nine in ten organizations globally have moved AI assistants beyond the pilot stage. In the same report, 42% said they had already experienced a suspicious or confirmed AI-related security incident. Those two figures sitting next to each other tell a specific story: deployment is outpacing the governance infrastructure meant to support it.
The problem is not that AI tools are inherently ungovernable. It is that the controls enterprises already have, classifiers, behavioral risk models, DLP policies, and supervision workflows, were scoped to human activity. An AI agent operating in the same environment as a human employee, accessing the same collaboration tools and data stores, sits outside those controls by default unless someone explicitly extends them.
Mayank Choudhary, EVP and GM of Proofpoint’s Information Protection, Cloud Security and Compliance Products Group, put the core argument plainly: “Organizations cannot succeed with one governance model for people and another for AI. Humans and AI agents operate in the same workflows, access the same sensitive data, and shape the same business decisions. They require one control layer. By extending our data security, insider risk, and communications governance solutions into Claude, we’re enabling customers to manage AI activity through the same platform they trust to protect the rest of their enterprise.”
Two Integrations, Two Different Risk Surfaces
Data Security and Insider Risk
The first integration pulls Claude Enterprise conversation content and Claude Platform activity logs into Proofpoint‘s data security and insider risk solution. Organizations can apply the classifiers, behavioral risk models, and DLP policies they already use across endpoint, email, and cloud environments to Claude prompts, responses, file interactions, projects, and administrative activity.
The practical significance here is consistency. A DLP policy that flags sensitive customer data leaving through email should apply the same logic when that data appears in a Claude prompt. A behavioral risk model that detects anomalous access patterns from a human employee should detect the same patterns when an AI agent is the one exhibiting them. Running those detections through separate systems with separate logic creates the kind of coverage inconsistency that investigators find after something goes wrong.
By bringing Claude activity into the same detection framework already deployed across the enterprise, security teams get a single view of risk that includes both human and AI activity without needing to build parallel investigation workflows.
Digital Communications Governance
The second integration extends Proofpoint’s Digital Communications Governance into Claude Enterprise, and it addresses a subtler problem than the first.
Capturing transcripts of AI conversations is the easy part. What regulated industries actually need for supervision, eDiscovery, and investigations is context, intent, and the sequence of activity behind decisions. A raw transcript of a Claude conversation tells you what was said. It does not tell you what decision it influenced, what data it drew on, or how it fits into the chain of events that led to a particular outcome.
Proofpoint’s DCG integration brings Claude conversations into the same supervision, retention, and eDiscovery workflows that govern human communications. The solution analyzes communication patterns to extract meaning beyond surface content, which is what makes it useful for regulatory review and decision reconstruction rather than just record-keeping.
For financial services firms, healthcare organizations, and other heavily regulated industries where the defensibility of decisions matters as much as the decisions themselves, that capability is not optional. If an AI agent were involved in a workflow that later comes under regulatory scrutiny, the ability to reconstruct what happened and demonstrate appropriate oversight is a compliance requirement, not a nice-to-have.
Why the Claude Compliance API Changes What Is Possible
Choudhary noted in his statement that the Claude Compliance API makes the integration of controls “secure and scalable,” which points to something important about how this kind of enterprise AI governance actually gets built.
Without a structured API that surfaces the data governance platforms need, integrations rely on workarounds that are fragile, incomplete, or both. The Compliance API gives platforms like Proofpoint a reliable, programmatic path to the activity data, user context, and content signals that governance workflows depend on. That foundation is what makes it possible to extend existing enterprise security infrastructure to cover Claude Enterprise without rebuilding the governance logic from scratch.
It also creates a scalable model. As Claude Enterprise deployments grow inside an organization, the governance coverage grows with them through the same integration rather than requiring manual configuration for each new deployment or use case.
One Control Layer for a Mixed Workforce
The framing Proofpoint is using, one control layer for human and AI activity rather than separate stacks, reflects where enterprise security architecture needs to go as AI agent deployment accelerates. The organizations that build separate governance models for AI activity are creating maintenance burden and coverage gaps that will compound over time as the number of agents, tools, and use cases multiplies.
Bringing AI activity into existing security and compliance frameworks, using the same classifiers, the same risk models, the same investigation workflows, is architecturally cleaner and operationally more sustainable. It also means that the institutional knowledge embedded in those existing frameworks, the tuning, the exception handling, the policy logic built up over years of real-world deployment, applies to AI activity rather than starting from scratch.
That is the practical argument for what Proofpoint is building here. The governance infrastructure already exists. The question was always whether it could be extended to cover the new category of actors operating inside enterprise environments. The Claude Compliance API makes that extension possible in a form that enterprise security teams can actually work with.
Research and Intelligence Sources: Proofpoint, Anthropic, Claude
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
