The 30 Anthropic security checks Black Cat runs
Black Cat SSPM evaluates 30 security policies against your Anthropic configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.
access control
Reduce the number of Anthropic org admins by demoting unnecessary users to lower roles
Replace org-wide Anthropic admin access with workspace-scoped admin roles
Review managed Anthropic user account permissions and workspace assignments for appropriateness
Add a second admin to the Anthropic organization to prevent single point of failure
Demote or remove dormant Anthropic organization members who have not been active
Rotate or delete unused Anthropic API keys that have not been recently active
Replace org-wide Anthropic API keys with workspace-scoped keys to limit blast radius
Delete inactive Anthropic API keys that are no longer in use
Verify and disable Anthropic API keys created by unauthorized non-user entities
Delete stale Anthropic invitations pending for more than 7 days
Clean up expired Anthropic member invitations from the pending list
Review and revoke unaccepted Anthropic admin invitations that are past their expected acceptance window
Reduce Anthropic workspace admin count by demoting unnecessary admins to developer or user roles
Add a second admin to each Anthropic workspace to ensure redundancy
Rotate expired or soon-to-expire Anthropic API keys before they cause service disruptions
Set an expiration date on Anthropic API keys to enforce regular rotation
Assign Claude Code users to a workspace for proper usage tracking and governance
Review members with the claude_code_user role to verify intended access scope
Ensure Claude Code users creating commits also open pull requests for code review
Scope API usage to specific workspaces by replacing org-level API keys with workspace-scoped keys
compliance
Investigate Anthropic cost anomalies exceeding the 30-day average by more than 2x
Configure data residency for Anthropic workspaces to comply with data sovereignty requirements
Investigate daily Anthropic API spend exceeding $100 to verify authorized usage
configuration
Delete archived Anthropic workspaces that are no longer needed
Archive or clean up Anthropic workspaces showing no recent activity
Configure custom rate limits for Anthropic workspaces instead of inheriting organization defaults
Investigate Anthropic usage spikes exceeding 3x the average token consumption
Review API usage that includes web search tool requests to ensure prompts are not exposing sensitive data
Review users with unusually high Claude Code session counts to verify authorized usage
Review and reduce overly permissive Anthropic rate limits exceeding 4000 requests per minute