By NHI Mgmt Group Editorial TeamPublished 2026-05-28Domain: Agentic AI & NHIsSource: Token Security

TL;DR: Anthropic’s Compliance API gives enterprises programmatic visibility into Claude usage, MCP server interactions, and local data access, narrowing the endpoint blind spot that has limited auditability for AI agents, according to Token Security. The real shift is that agentic AI now needs NHI-style governance because access, telemetry, and accountability must be tied to machine actors at runtime.


At a glance

What this is: Anthropic’s Compliance API surfaces endpoint-level telemetry for Claude and Claude-based agents, including usage, access, and data activity.

Why it matters: It matters because IAM, compliance, and security teams need machine-identity governance for AI agents that operate outside traditional SaaS and cloud logging boundaries.

By the numbers:

👉 Read Token Security's analysis of Anthropic's Compliance API for secure agentic AI access


Context

Anthropic’s Compliance API is really about a governance gap, not a product feature. AI agents now operate with access to sensitive systems, local data, and toolchains, but most enterprises still cannot reliably tell which agent did what, on whose behalf, or with which identity.

That gap sits directly in the middle of NHI governance. When agents consume data through tokens, service accounts, OAuth integrations, or MCP servers, the control problem is no longer just logging. It is attribution, scope, and ongoing auditability for machine actors that behave more like runtime identities than static applications.


Key questions

Q: How should security teams govern AI agents that use tokens, service accounts, and OAuth connections?

A: Treat those credentials as runtime identities, not as simple application integrations. Security teams should map each agent to an owner, scope its tool access, and connect telemetry to the exact identity used at execution time. Without that linkage, audit, revocation, and incident response all become guesswork.

Q: Why do AI agents create blind spots in compliance and investigation?

A: AI agents often act on endpoints where traditional cloud logs and SaaS audit trails are incomplete. If teams cannot tie an action to a specific agent, identity, and access path, they lose the evidence needed for compliance, incident response, and policy enforcement. The result is an accountability gap, not just a monitoring gap.

Q: What do security teams get wrong about monitoring AI agent access?

A: They focus on whether the endpoint is monitored instead of whether the agent’s behaviour is attributable. A device log that shows data movement is not enough if it cannot identify the agent, the token, the tool, and the downstream resource involved. Governance needs actor context, not just event capture.

Q: How can organisations reduce risk when AI agents use MCP servers?

A: Start by inventorying which MCP servers are in use, which data they can reach, and which credentials they consume. Then tie those servers to policy and revocation workflows so access can be removed when ownership changes or scope exceeds expectations. The key is lifecycle control, not just visibility.


Technical breakdown

Endpoint telemetry for AI agents and MCP servers

The article describes a telemetry layer that exposes Claude usage, tool interactions, local storage activity, and MCP server use from the endpoint. That matters because much of agentic AI activity happens outside conventional SaaS audit logs and cloud-native monitoring. Traditional EDR or MDM tooling can see device posture, but not the identity context of the agent, the tool chain it invoked, or the data it touched in-session. For security teams, the important shift is from device visibility to actor visibility.

Practical implication: Map endpoint monitoring to AI agent identity context, not just device health, so you can trace which agent used which tool and data path.

Why tokens and OAuth make agentic access hard to govern

The article highlights a familiar NHI pattern: an agent reaches sensitive systems through tokens, service accounts, or OAuth integrations, then acts with the standing authority attached to that identity. The problem is not merely that access exists, but that the agent can use it in ways the owning team did not anticipate at provisioning time. In practical terms, conventional entitlement reviews are poor at describing runtime agent behaviour, especially when multiple tools and data sources are involved.

Practical implication: Review token and OAuth grants as runtime access paths for AI agents, not as static app integrations, and trace them to the data they can actually reach.

Continuous compliance replaces periodic review for machine actors

Anthropic’s API is framed around real-time programmatic access to usage data, customer content, retention controls, and policy enforcement. That signals a move away from snapshot-style compliance toward continuous machine-readable governance. For AI agents, this is the only model that fits: the control surface changes as the agent changes state, tools, or prompts. Periodic review leaves too much behaviour unobserved to be useful for investigation or enforcement.

Practical implication: Build continuous audit and policy workflows for AI agents, because periodic review will miss the runtime decisions that define risk.


Threat narrative

Attacker objective: The objective is to operate or observe AI-driven access paths without reliable attribution, enabling data exposure or policy evasion to remain hidden.

  1. Entry occurs when an AI agent gains access through tokens, service accounts, or OAuth integrations attached to endpoint workflows.
  2. Credential or privilege use then happens at runtime as the agent consumes data, invokes MCP servers, and interacts with local or connected services.
  3. Impact follows when security teams cannot attribute the activity or reconstruct what data was accessed, leaving compliance and breach investigation with an incomplete record.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

Endpoint visibility is no longer a device problem, it is an identity problem. The article shows that AI agents are running on endpoints where traditional SaaS logging and cloud controls do not see the full behaviour chain. That makes the endpoint the place where attribution, tool use, and data access converge. Security teams should treat endpoint telemetry as machine-identity evidence, not just endpoint hygiene.

Standing access review was designed for identities whose access persists long enough to be observed. That assumption fails when an AI agent can access tools, move data, and complete a task before the next review cycle even begins. The implication is not a new checklist, but a rethink of whether periodic certification can ever govern runtime agent behaviour at all.

Ephemeral telemetry without identity context creates audit theatre. Knowing that an agent touched data is not enough if you cannot tie the action to a specific agent, owner, or access path. The article sharpens a practical concept: agentic visibility gap: the mismatch between available endpoint logs and the governance evidence required to prove what an autonomous or semi-autonomous system actually did. Practitioners should treat that gap as a control failure, not a tooling nuisance.

OAuth and service-account access become harder to defend when the actor is an agent. In human programmes, delegated access can often be explained by ownership and approval trails. For agents, those trails are weaker because the identity may be created for software, used by multiple workflows, and operated outside normal user behaviour patterns. Teams should re-evaluate whether the identity boundary is the agent, the endpoint, or the downstream resource.

MCP adoption is accelerating faster than governance maturity. The article’s core message is that new agent tooling is spreading into sensitive systems before teams can answer basic lifecycle questions about ownership, scope, and revocation. That is a governance imbalance, not just a visibility issue. Practitioners need to recognise that AI agent access is becoming a first-class NHI domain, with its own audit and accountability expectations.

From our research:

  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to AI Agents: The New Attack Surface report.
  • From our research: 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials, according to AI Agents: The New Attack Surface report.
  • From our research: Pair that exposure with the fact that only 18% of MCP server deployments implement any form of access scoping for tool permissions, according to The State of MCP Server Security 2025.

What this signals

Agentic visibility is becoming a governance baseline, not a specialist control. As AI agents move from experimentation into production workflows, security teams will need to prove which agent used which data path and under whose authority. The organisations that cannot make that connection will struggle with auditability, offboarding, and incident reconstruction.

Ephemeral access only reduces exposure if the identity record is complete. Short-lived agent sessions help, but they do not solve the bigger problem of who owns the agent, what it can reach, and how revocation is triggered when behaviour drifts. That is why AI agent governance is converging with NHI lifecycle management.

Agentic visibility gap: this is the control gap that will matter most for readers planning AI adoption. If endpoint telemetry, identity logs, and policy enforcement do not share a common actor model, teams will keep seeing evidence after the fact but not enough context to act in time.


For practitioners


Key takeaways

  • AI agents are exposing a governance gap that traditional endpoint, SaaS, and cloud controls do not fully close.
  • Visibility remains weak in practice, with only 52% of companies able to track and audit AI agent data access and 80% reporting out-of-scope actions.
  • Practitioners need continuous attribution, lifecycle control, and policy enforcement for agent identities, not just better logging.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Agentic AI Top 10Agent telemetry, tool use, and scope control are central agentic AI risks.
OWASP Non-Human Identity Top 10NHI-03Token, service account, and OAuth use by agents is classic non-human identity governance.
NIST CSF 2.0PR.AA-01Identity and access evidence is needed for continuous monitoring and auditability.

Treat AI agent activity as auditable identity behaviour and integrate it into monitoring workflows.


Key terms

  • Agentic Visibility Gap: The difference between what security teams can observe and what they need to prove about an AI agent’s actions. It appears when endpoint logs, identity records, and data access trails do not share a common actor model, making attribution and investigation incomplete.
  • Runtime Identity: An identity that is evaluated while work is being done rather than only at provisioning time. For AI agents, this means the token, service account, or OAuth grant is part of live execution and must be governed as an active actor, not a static application setting.
  • Machine-Readable Compliance: Compliance evidence that can be collected, queried, and enforced automatically instead of by manual review. In agentic environments, this turns usage data, policy events, and retention controls into operating signals rather than after-the-fact reports.

What's in the full article

Token Security's full blog covers the operational detail this post intentionally leaves for the source:

  • Step-by-step explanation of how the Compliance API surfaces Claude client telemetry at the endpoint.
  • The article’s own examples of how the integration feeds compliance dashboards and policy enforcement workflows.
  • Discussion of selective deletion and retention controls for Claude usage data.
  • Context on Token Security’s broader integration approach across Claude, OpenAI, Cursor, and other environments.

👉 Token Security's full post shows how endpoint telemetry, compliance workflows, and AI agent visibility fit together.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building identity controls for modern infrastructure or AI-enabled environments, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-05-28.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org