Kiteworks

Enabling Zero Trust Data Exchange in One Platform

Free Trial EXPLORE KITEWORKS
Home > Security and Compliance Blog > Cybersecurity Risk Management > Monitoring AI Behavior Is Not the Same as Governing It
AI Governance Requires Controls, Not Just Logs

Monitoring AI Behavior Is Not the Same as Governing It

by Patrick Spencer updated June 1, 2026 Cybersecurity Risk Management
Reading Time: 7 minutes

Anthropic made a significant announcement this week. Claude Enterprise now integrates with 28 security and compliance partners through the new Claude Compliance API, giving enterprise security teams programmatic access to conversation content, uploaded files, and AI activity events — feeding them into the DLP, CASB, SIEM, and eDiscovery tools already in the enterprise stack.

The market signal this sends is, if anything, more significant than the product itself. If Anthropic is building a compliance API, it is because their enterprise customers are demanding one. The KPMG 2025 AI Governance Survey found 62% of enterprises cite lack of governance capabilities as the primary barrier to expanding AI use for sensitive business processes. Enterprises are no longer willing to deploy AI for sensitive workflows without governance infrastructure. That is the right instinct. The question worth pressing is whether governance infrastructure that logs AI behavior after the fact is the same as governance infrastructure that controls AI access before it happens.

It is not — and the distinction matters enormously for regulated industries.

5 Key Takeaways

1. Claude’s Compliance API marks a real step forward for enterprise AI.

Anthropic’s Claude Compliance API integrates with 28 enterprise security partners — Cloudflare, CrowdStrike, Microsoft Purview, Varonis, Wiz, Relativity, Datadog, and 21 others — giving regulated enterprises programmatic access to conversation logs, uploaded files, and AI activity events for ingest into existing DLP, CASB, SIEM, and eDiscovery stacks. This is a meaningful capability that previously did not exist in a structured, API-accessible form. The market signal it sends is as significant as the product: enterprises are demanding AI governance infrastructure before expanding to sensitive workflows.

2. Every integration operates after the conversation has already happened.

All 28 Compliance API integrations run after the fact, making the tool a monitoring system rather than a governance system. It documents what occurred — it cannot prevent what should not have occurred. The data was processed. The content was sent to the model. The conversation happened. The API creates a record; it does not change the outcome. For regulated content, that distinction is not a nuance. It is the difference between a detective control and a preventive one.

3. Sensitive data reaches the model before any alert fires.

An employee using Claude Enterprise with the Compliance API fully enabled can still paste CUI, attach PHI, or query ITAR-controlled data into a conversation. The API logs the activity but does not block it. A pre-model governance layer blocks the content before it enters the session. Most regulatory frameworks require access controls as a primary control — logging that regulated data was accessed without authorization is not a substitute for preventing unauthorized access.

4. Governance gaps are enterprise-wide, not vendor-specific.

63% of organizations cannot enforce purpose limitations on AI agents, 60% cannot terminate a misbehaving AI system, and only 18% have fully integrated AI governance policies per the Kiteworks 2026 Forecast. The Anthropic announcement validates that the market gap is real. It does not close it. These are control gaps — not monitoring gaps — and they are not addressed by a more sophisticated audit trail.

5. Pre-model controls define the emerging regulatory governance standard.

CMMC Level 2 requires organizations to “control access to CUI” — access control is the operative phrase, not access logging. HIPAA’s Technical Safeguards specify that covered entities must implement policies that “allow access only to those persons or software programs that have been granted access rights.” The compliance standard for regulated enterprise AI will require pre-model content controls, not just post-hoc monitoring. The question for CISOs is whether to architect for that standard now or retrofit it after a regulatory action forces the issue.

You Trust Your Organization is Secure. But Can You Verify It?

Read Now

The Structural Limit of Post-Hoc Monitoring

Here is the structural limitation the Compliance API cannot address, by design: every one of those 28 integrations operates after the conversation has already happened. The data was processed. The content was sent to the model. The conversation occurred. The Compliance API creates a record of what happened — it does not change what happened.

Think about how data governance works in mature enterprise security architectures. A DLP system does not just log that an employee emailed a sensitive document to a personal account — it prevents the send. A content firewall does not just record what files were transferred — it enforces access policy at the point of transfer. The architecture that has proven effective for email, file transfer, and collaboration platforms operates on a prevent-first, log-second model. The Compliance API applies a log-first, alert-second model to AI.

That is valuable. But it is architecturally different from prevention. For regulated content — CUI, PHI, ITAR-controlled data, attorney-client privileged information — regulatory frameworks do not permit a log-and-alert model as the primary control. They require access controls. Logging that regulated data was accessed without authorization is not a substitute for preventing unauthorized access.

What Can Happen Before the Compliance API Catches It

An employee using Claude Enterprise with the Compliance API fully enabled and configured can: paste the text of a Controlled Unclassified document into a conversation prompt; attach a file containing Protected Health Information as context for a Claude task; type ITAR-controlled technical specifications into a chat message; query Claude about the contents of a sensitive financial dataset they have access to in another system.

In each of these cases, the Compliance API will log the activity. If the right DLP rules are configured downstream, an alert will fire. What will not happen: the content will not be blocked from reaching Claude. The conversation will not be prevented. The data will not be stopped at an access control boundary before it enters the model. The Compliance API documents the exposure; it does not prevent it.

For security teams in regulated industries, this matters because most regulatory frameworks require preventive controls, not just detective controls. CMMC Level 2 requires organizations to “control access to CUI.” HIPAA’s Technical Safeguard requirements specify that covered entities must implement policies that “allow access only to those persons or software programs that have been granted access rights.” The standard is control of access, not documentation of access.

The Pre-Model Governance Layer: A Different Architecture

A pre-model governance layer operates on a fundamentally different principle: it determines what content is permissible as input to an AI session before the session begins, not after it ends. The control logic is based on the user’s identity and role, the classification of the content being requested, the specific AI use case and purpose, and the compliance framework applicable to that content. When a user initiates an AI session, the governance layer evaluates these factors against explicit policy — and either permits, restricts, or blocks specific content from entering the session.

The Kiteworks Secure MCP Server sits between enterprise data systems and AI models — including Claude — and enforces content governance policy at the interface. Sensitive content is accessible to AI sessions only when the user’s role, the session’s purpose, and the content’s classification all satisfy explicit policy requirements. Audit records capture not just what content was accessed, but what was requested and blocked. The AI Data Gateway extends the same governance to RAG pipelines and automated workflows. Every request is authenticated, authorized against attribute-based access controls, and logged in a tamper-evident audit trail — with FIPS 140-3 validated encryption protecting every data path.

This architecture allows regulated enterprises to extend AI access to sensitive workflows — defense procurement, healthcare operations, financial advisory — without creating the compliance exposure that post-hoc monitoring can document but cannot prevent. The Kiteworks Private Data Network extends this across email, file sharing, MFT, SFTP, web forms, and APIs under one policy engine and one consolidated audit log.

What This Means for Regulated Enterprise AI Deployments

For security and compliance leaders evaluating enterprise AI platforms, the question to ask every vendor is: “What happens if an employee sends restricted content to the model before your compliance layer catches it?”

If the answer is “we log it and alert on it,” you have a monitoring system. That is valuable for forensics, incident response, and audit documentation. It does not satisfy the access control requirements of most regulatory frameworks for sensitive data. If the answer is “we prevent it,” you have a governance system. That distinction determines whether your AI deployment is compliant with your regulatory obligations or merely documented as non-compliant after the fact.

Compliance frameworks evolve toward the most protective interpretation over time. The pattern played out with cloud storage, mobile device management, and secure email — in each case, the governance standard matured toward prevention and access control rather than detection and logging. AI is on the same trajectory. Organizations that architect for the mature standard now — building the pre-model governance layer that controls what sensitive content AI models can access — will face the smallest retrofit cost when regulatory guidance catches up to the technology.

To learn more about governing AI workflows, schedule a custom demo today.

Frequently Asked Questions

AI compliance monitoring creates a record of what AI models did. AI governance controls what AI models are permitted to do — what content they can access, for which users, under which conditions, for which purposes. The Claude Compliance API is a monitoring tool. The Kiteworks Secure MCP Server and AI Data Gateway implement governance: enforcing access policy before content reaches the model, preventing unauthorized access rather than documenting it after the fact.

For most regulated data types — CUI, PHI, ITAR-controlled technical data — no, not by itself. CMMC, HIPAA, and ITAR require that access to sensitive data be controlled. A compliance API that logs that PHI was submitted to an AI model documents the failure to satisfy the access control requirement — it does not satisfy it. Pre-model governance provides the preventive access controls that satisfy those requirements.

A pre-model governance layer sits between enterprise data systems and AI models, enforcing content access policy before an AI session begins. It evaluates the user’s role, the classification of content being requested, and the purpose of the session against explicit policy — and permits, restricts, or blocks content from entering the session. The Kiteworks Secure MCP Server implements pre-model governance through attribute-based access controls and tamper-evident audit logging on every operation.

Defense contractors handling CUI under CMMC, healthcare organizations managing PHI under HIPAA, financial services firms under SEC and FINRA data governance requirements, and aerospace and defense companies handling ITAR-controlled technical data face the most direct exposure. The Kiteworks 2026 Forecast found 90% of government organizations and 77% of healthcare organizations lack a centralized AI data gateway — the control point that closes the gap.

The Secure MCP Server sits between Claude and enterprise data systems, enforcing governance policy at the interface. When Claude requests access to sensitive content, the server evaluates that request against explicit policy, permits or blocks based on that evaluation, and logs the result in a tamper-evident audit trail. This pre-model governance complements the Compliance API’s post-hoc monitoring — providing the preventive control layer that turns compliance documentation into compliance enforcement.

Additional Resources

Get started.

It’s easy to start ensuring regulatory compliance and effectively managing risk with Kiteworks. Join the thousands of organizations who are confident in how they exchange private data between people, machines, and systems. Get started today.

Schedule a Demo

Table of Contents

Table of Content
Share
Tweet
Share
Explore Kiteworks