Skip to content

The 30 Anthropic security checks Black Cat runs

Black Cat SSPM evaluates 30 security policies against your Anthropic configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.

access control

mediumExcessive Org Admins

Reduce the number of Anthropic org admins by demoting unnecessary users to lower roles

highUnscoped Admin

Replace org-wide Anthropic admin access with workspace-scoped admin roles

lowManaged User Review

Review managed Anthropic user account permissions and workspace assignments for appropriateness

highAdmin Redundancy Missing

Add a second admin to the Anthropic organization to prevent single point of failure

mediumDormant Member

Demote or remove dormant Anthropic organization members who have not been active

highStale API Key

Rotate or delete unused Anthropic API keys that have not been recently active

mediumUnscoped API Key

Replace org-wide Anthropic API keys with workspace-scoped keys to limit blast radius

lowInactive API Key Not Removed

Delete inactive Anthropic API keys that are no longer in use

mediumAPI Key Created By Non-User

Verify and disable Anthropic API keys created by unauthorized non-user entities

lowStale Invite

Delete stale Anthropic invitations pending for more than 7 days

lowExpired Invite Not Cleaned

Clean up expired Anthropic member invitations from the pending list

mediumAdmin Invite Pending Review

Review and revoke unaccepted Anthropic admin invitations that are past their expected acceptance window

mediumExcessive Workspace Admins

Reduce Anthropic workspace admin count by demoting unnecessary admins to developer or user roles

highWorkspace Single Admin

Add a second admin to each Anthropic workspace to ensure redundancy

highAPI Key Expired Or Expiring

Rotate expired or soon-to-expire Anthropic API keys before they cause service disruptions

mediumAPI Key No Expiration

Set an expiration date on Anthropic API keys to enforce regular rotation

mediumClaude Code User Not In Workspace

Assign Claude Code users to a workspace for proper usage tracking and governance

lowClaude Code User Role Review

Review members with the claude_code_user role to verify intended access scope

mediumClaude Code Commits Without Pull Requests

Ensure Claude Code users creating commits also open pull requests for code review

mediumUnscoped API Usage

Scope API usage to specific workspaces by replacing org-level API keys with workspace-scoped keys

compliance

mediumCost Anomaly Detected

Investigate Anthropic cost anomalies exceeding the 30-day average by more than 2x

mediumWorkspace No Data Residency

Configure data residency for Anthropic workspaces to comply with data sovereignty requirements

mediumHigh Daily Spend

Investigate daily Anthropic API spend exceeding $100 to verify authorized usage

configuration

lowArchived Workspace Not Deleted

Delete archived Anthropic workspaces that are no longer needed

lowStale Workspace

Archive or clean up Anthropic workspaces showing no recent activity

mediumWorkspace Default Rate Limits

Configure custom rate limits for Anthropic workspaces instead of inheriting organization defaults

mediumUsage Spike Detected

Investigate Anthropic usage spikes exceeding 3x the average token consumption

mediumWeb Search Tool Usage

Review API usage that includes web search tool requests to ensure prompts are not exposing sensitive data

lowClaude Code High Session Count

Review users with unusually high Claude Code session counts to verify authorized usage

mediumRate Limit High Requests Per Minute

Review and reduce overly permissive Anthropic rate limits exceeding 4000 requests per minute

See these checks run on your stack

Start a free 14-day trial — no credit card required.

Start Free Trial