On this page
TL;DR
Anthropic's Claude offers a strong native safety posture (Constitutional AI, robust refusal behaviour, transparent system cards) and enterprise-grade infrastructure (SOC 2 Type 2, ISO/IEC 27001, BAA on request, no-training default, prompt caching). An Areebi control plane adds value at the boundary - workspace-level identity, DLP at the prompt layer, cross-vendor audit, and integration with the broader AI Acceptable Use Policy. This post walks the architecture honestly, including where Areebi overlaps with Anthropic's native controls. Source: Anthropic Trust portal and Claude API documentation as of May 2026. Updated 2026-05-20.
What this post is and is not
This post is an architectural walkthrough for security architects and CISOs evaluating how to deploy Anthropic Claude inside an enterprise governance posture. It is not a vendor comparison and it is not a Claude marketing document - we are deliberately explicit about where Anthropic's native controls already cover the requirement and an Areebi layer would be additive rather than substitutive.
We cover four deployment shapes (Claude API direct, Claude Enterprise, Claude on AWS Bedrock, Claude on Google Vertex), the safety substrate (Constitutional AI and the system card discipline), and the boundary functions where the Areebi control plane sits.
Four Claude deployment shapes
Anthropic Claude is available through four primary enterprise paths, each with different control surfaces. The right deployment shape depends on existing cloud contracts, data residency requirements, and whether the workload is general productivity or custom application.
1. Claude API direct (api.anthropic.com)
The native API is the substrate for custom applications and integrations. Access is via API key, with rate limits and capacity tiers based on contract terms. The Enterprise tier provides higher rate limits, contractual no-training, EU and US region selection, and a BAA on request. This is the deployment shape most enterprises pair with the Areebi control plane, because the API is where prompt-layer DLP and audit logging deliver the most value.
2. Claude Enterprise (claude.ai workspace)
Claude Enterprise is the workspace product analogous to ChatGPT Enterprise. It provides SAML SSO, SCIM provisioning, admin controls, knowledge ingestion, and conversation history with workspace-level retention controls. The no-training default applies. This is the right deployment shape for general employee productivity; for custom workflows the API is usually a better substrate.
3. Claude on AWS Bedrock
Claude is available as a foundation model in AWS Bedrock, which inherits the AWS security and compliance posture (FedRAMP High, HIPAA-eligible, IL5 for GovCloud workloads). The Bedrock path is preferred when the customer already operates inside AWS with a strict AWS-only data perimeter, when FedRAMP High is required, or when the workload integrates tightly with other AWS services (S3, Kendra, OpenSearch). Anthropic does not see customer data on the Bedrock path; the model is served entirely inside AWS.
4. Claude on Google Vertex AI
Claude is also available on Google Cloud Vertex AI, with the equivalent Google Cloud security posture (ISO/IEC 27001, SOC, HIPAA, FedRAMP Moderate in selected regions). Preferred when the customer operates inside Google Cloud and integrates with other Google services. The data perimeter properties parallel the Bedrock path - Anthropic does not see customer data on the Vertex path.
Claude's native enterprise controls
Anthropic publishes one of the more transparent safety and security postures among foundation model vendors. The Trust portal exposes the current attestations, the data processing addendum, the subprocessor list, and the safety documentation. Six native capabilities are credibly enterprise-grade as of May 2026.
SOC 2 Type 2 and ISO/IEC 27001
Anthropic maintains SOC 2 Type 2 covering the Claude API and Claude Enterprise. ISO/IEC 27001 certification is documented on the Trust portal. CSA STAR attestation is published. For most CISO vendor security questionnaires, these attestations cover the bulk of the security domain questions out of the box.
No-training default
Anthropic does not train models on customer inputs or outputs from Claude API on Enterprise terms or from Claude Enterprise workspaces. The commitment is documented in the DPA. For consumer Claude (claude.ai free and Pro tiers) the policy differs, which is why personal-tier use of Claude is a similar shadow risk vector to personal-tier ChatGPT.
Constitutional AI as the safety substrate
Anthropic's Constitutional AI approach - first published in 2022 and refined across model generations - trains Claude against a written constitution of principles rather than purely from human preference data. The practical effect is that Claude tends to refuse clearly harmful or policy-violating requests more reliably than models trained purely on preference data, and the refusal rationale is more transparent. For enterprise CISOs, this reduces (but does not eliminate) the need for an external content classifier on the request path - the Areebi DLP layer still adds value, but the model is a stronger first line of defence than many alternatives.
System cards and the responsible scaling policy
Anthropic publishes a system card per major Claude release, documenting safety evaluations, capabilities, and known limitations. The Responsible Scaling Policy (RSP) commits Anthropic to specific safety practices at each capability tier (currently ASL-2 with ASL-3 thresholds defined). For procurement teams, the system card and RSP are the artefacts that satisfy NIST AI RMF MAP and MEASURE evidence requirements at the foundation model layer.
Prompt caching and model versioning
Claude supports prompt caching (cache long context once, reuse across many queries) and explicit model version pinning. Prompt caching matters for cost and latency control on large-context workloads; explicit version pinning matters for change management discipline. CISOs should require version pinning in production workloads and document the version-bump approval process in the AI Governance Committee charter.
Region selection and BAA
Claude API Enterprise tier supports region selection (US and EU) for data processing and storage. A BAA is available on request after a HIPAA readiness review. Combined with the Bedrock and Vertex paths, the deployment options cover most US, EU, and FedRAMP-aligned data residency requirements.
Where Areebi sits beside Claude (and where it does not)
An honest division of responsibility: Anthropic owns the model and the safety substrate; Areebi owns the boundary - identity, DLP, audit, policy. The combination is stronger than either alone, but there are clear overlaps where the value-add is incremental rather than transformative. The list below distinguishes the two.
Boundary 1: Identity, workspace, and per-team policy
Areebi adds a workspace abstraction on top of the Claude API, with SAML SSO, SCIM, and fine-grained role-based policy. Customers using Claude Enterprise already have workspace identity at the Anthropic layer; Areebi adds value by extending the workspace identity to API workloads and unifying it with the rest of the AI estate (OpenAI, Google, embedded vendors).
For customers using Claude API directly (no Enterprise workspace), the Areebi workspace is the primary identity layer and the value-add is substitutive rather than additive. For customers using Claude Enterprise alongside the API, the Areebi value-add is in the cross-vendor unification.
Boundary 2: DLP at the prompt layer
Areebi inspects each prompt against PII patterns, code signatures, custom classifiers, and configured allow/block lists before the request reaches Claude. This is additive even though Claude has strong native refusal behaviour, because: refusal is about the model declining harmful or sensitive responses, whereas DLP is about preventing sensitive customer data from leaving the perimeter in the first place. The two are complementary, not duplicative.
Areebi DLP also supports redaction-and-replay (sensitive tokens are replaced with placeholders, the request is processed, the response is rehydrated with the original tokens for the user) which is not a native Claude capability.
Boundary 3: Audit log and SIEM integration
Anthropic provides admin audit logs in the Claude Enterprise console and via the Console API. Areebi adds per-interaction audit telemetry (who, what, when, which policy fired, what was redacted) forwarded to a SIEM in standard formats. The Anthropic log is sufficient for workspace administration audit; the Areebi telemetry is required for SOC integration and incident investigation at the conversation level.
Boundary 4: Cross-vendor unified policy
One AI Acceptable Use Policy that means the same thing across Claude, OpenAI, Gemini, and embedded SaaS AI - this is the largest single value-add of an external control plane. Anthropic's native controls apply only to Claude. The Areebi policy engine applies the same rules across providers, so a customer service rep cannot paste a customer's email and address into Claude or ChatGPT or a Slack AI app - the rule is uniform.
For customers who have standardised entirely on Claude, this boundary value-add is smaller. For customers who use Claude alongside other providers (the majority pattern in mid-market and enterprise), it is the primary reason to deploy a control plane.
Boundary 5: Compliance evidence and inventory
The Areebi inventory and compliance dashboards aggregate evidence across Claude, OpenAI, and other providers into a single artefact for auditors and regulators. The Anthropic system cards and SOC 2 report cover the foundation model layer; the Areebi telemetry covers the deployment layer (which users, which use cases, which policy rules, which exceptions). Both are needed for a complete NIST AI RMF MEASURE or EU AI Act conformity assessment.
See Areebi in action
Get a 30-minute personalised demo tailored to your industry, team size, and compliance requirements.
Get a DemoHonest overlaps and where Areebi is not strictly necessary
Three areas where Areebi's value-add is incremental rather than transformative, in the interest of architectural honesty.
Native refusal behaviour. Claude's Constitutional AI training produces strong refusal behaviour for clearly harmful requests. An external content classifier on the request path adds defence in depth, but customers running only Claude (no other providers) and only general productivity workloads may find the native behaviour sufficient for the model-side of the policy. The Areebi DLP value-add remains, because DLP and refusal are different problems.
Bedrock / Vertex path. When Claude is deployed via AWS Bedrock or Google Vertex, the cloud provider's IAM, logging, and DLP integrations are extensive. Customers fully committed to a single cloud may prefer to invest in cloud-native controls rather than adding an external control plane. The Areebi value-add is highest when the customer uses multiple providers and multiple clouds; it is lowest in a single-cloud, single-provider deployment.
System card and RSP evidence. Anthropic's published system cards and Responsible Scaling Policy are high-quality MAP and MEASURE evidence. An Areebi-side evidence layer adds the deployment context, but the foundation-model-side evidence is largely complete already. Customers should not pay twice for the same compliance evidence.
At Areebi, we built the platform to add the boundary functions (identity, DLP, audit, cross-vendor policy) that Anthropic cannot deliver as a model vendor - not to duplicate the safety substrate Anthropic already invests in heavily. This is the architectural pattern recommended by NIST AI RMF GOVERN 6 (third-party AI risk): the model vendor owns the model; the deployer owns the boundary.
Reference architecture: Claude + Areebi
The recommended deployment pattern places Areebi between the user (or application) and the Anthropic API or Claude Enterprise. The data path looks like this.
User to Areebi. User authenticates via the corporate identity provider (Okta, Entra ID, Google Workspace) into the Areebi workspace. SCIM provisioning keeps users, roles, and groups in sync. The Areebi workspace is the user-facing surface.
Areebi policy layer. Each request is evaluated against the policy engine: which model is appropriate (Claude, OpenAI, internal), which DLP rules apply, which audit fields are required. Sensitive content is redacted or replaced according to policy. The decision and rationale are logged.
Areebi to Anthropic. The sanitised request is forwarded to Claude via the API, Claude Enterprise, Bedrock, or Vertex - the path is configurable per workload. Claude generates the response; safety substrate operates as normal.
Response back through Areebi. Response passes back through Areebi, where output policies apply (rehydration of redacted tokens if used, output classification, optional response logging). The user receives the response with audit and policy applied uniformly.
This pattern preserves Anthropic's native safety controls while adding the boundary functions described above. It also supports cross-vendor failover: if Claude is unavailable, the same policy and DLP applied to OpenAI or Gemini means the workload is portable.
Architect's decision checklist
Use the checklist below to decide whether to deploy Claude alone, Claude on Bedrock or Vertex with cloud-native controls, or Claude + Areebi.
- Are you using multiple foundation model providers (Claude + OpenAI + Gemini + others)? If yes, an external control plane is strongly preferred for unified policy.
- Do you have prompt-layer DLP requirements (PII, code, regulated data interception)? If yes, native controls are insufficient; deploy a control plane.
- Do you require SIEM-grade per-interaction audit telemetry across providers? If yes, deploy a control plane.
- Are you fully committed to a single cloud (AWS or GCP) and a single model provider? If yes, native cloud + Bedrock or Vertex controls may be sufficient; reassess if scope expands.
- Do you have FedRAMP, IL5, or sovereign requirements? Use the appropriate Bedrock or Vertex region in combination with the control plane for the workspace and policy layer.
- Do you process regulated data classes (PHI, PCI, customer financial)? Use the BAA path and add a control plane for the boundary evidence the covered entity remains responsible for.
The Areebi AI Governance Assessment walks through the full architectural readiness map.
What to read next
- OpenAI Enterprise + AI governance CISO guide - the parallel walkthrough for ChatGPT Enterprise.
- AI control plane enterprise guide - the architectural pattern this walkthrough applies.
- AI control plane vs AI gateway - the distinction that matters when selecting the right control layer.
- Model supply chain security - the upstream risk view that complements the model vendor evaluation.
- NIST AI RMF GOVERN deep dive - GOVERN 6 framing for third-party AI risk.
External sources
- Anthropic Trust portal (current attestations, DPA, subprocessor list): trust.anthropic.com.
- Anthropic Claude API documentation: docs.anthropic.com.
- Bai et al., Constitutional AI: Harmlessness from AI Feedback (2022): arxiv.org/abs/2212.08073.
- Anthropic Responsible Scaling Policy: anthropic.com/news/anthropics-responsible-scaling-policy.
- NIST AI 600-1, Generative AI Profile: nist.gov/itl/ai-risk-management-framework.
Frequently Asked Questions
Do I need Areebi if I am using Claude Enterprise?
Not always. Claude Enterprise covers general productivity well, with SSO, SCIM, no-training default, workspace controls, and admin audit log. You need an external control plane when one or more of the following is true: you use additional foundation model providers (OpenAI, Gemini), you need prompt-layer DLP for regulated data, you need SIEM-grade per-interaction audit, you have fine-grained per-role policy needs, or you need to enforce one AI Acceptable Use Policy uniformly across all AI tools including embedded vendor features.
Does Anthropic train on my data?
No, on Claude API on Enterprise terms and on Claude Enterprise workspaces, Anthropic does not train models on customer inputs or outputs. The no-training commitment is documented in the data processing addendum. The policy differs on consumer Claude (free and Pro tiers), which is one reason personal-tier Claude use is a similar shadow risk to personal-tier ChatGPT and should be governed by an AI Acceptable Use Policy.
How does Claude on AWS Bedrock differ from Claude API direct?
On Bedrock, Anthropic does not see customer data - the model is served entirely inside AWS infrastructure, and the data path is governed by AWS's contractual terms, FedRAMP authorisation, and HIPAA eligibility. On Claude API direct, Anthropic is the data processor under its own DPA and provides BAA on request. Choice depends on existing cloud contracts, FedRAMP High requirements (use Bedrock GovCloud), and integration patterns with other cloud services.
What is Constitutional AI and does it replace DLP?
Constitutional AI is Anthropic's safety training approach, where Claude is trained against a written constitution of principles in addition to human preference data. It produces strong native refusal behaviour for harmful or policy-violating requests. It is not a DLP system - DLP is about preventing sensitive customer data from being sent to the model in the first place, while Constitutional AI is about the model declining harmful responses. The two are complementary: native refusal at the model layer, plus DLP at the prompt layer, together cover both directions of the safety problem.
Does Claude support prompt caching for cost control?
Yes, Claude supports prompt caching, where a long context (a corpus of documents, a system prompt, a tool catalogue) is cached once and reused across many queries at significantly reduced cost and latency. This matters for cost-conscious deployments at scale and for applications with large fixed contexts. The Areebi control plane is compatible with prompt caching - policy and DLP run on the request path, but the cached portion of the context is unchanged across requests.
How should I think about model versioning in production?
Pin to a specific Claude model version in production workloads (for example, claude-opus-4-5 rather than claude-opus-latest). Document the version-bump approval process in the AI Governance Committee charter. When Anthropic releases a new version, run the existing regression and safety test pack against the new version before approval, and update the system card or model documentation in your AI Use Case Inventory. This discipline matches the change management posture NIST AI RMF MANAGE expects.
Related Resources
Stay ahead of AI governance
Weekly insights on enterprise AI security, compliance updates, and governance best practices.
Stay ahead of AI governance
Weekly insights on enterprise AI security, compliance updates, and best practices.
About the Author
Areebi Research
The Areebi research team combines hands-on enterprise security work with deep AI governance research. Our analysis is informed by primary sources (NIST, ISO, OECD, federal registers, IAPP) and the operational realities of CISOs running AI programs in regulated industries today.
Ready to govern your AI?
See how Areebi can help your organization adopt AI securely and compliantly.