Claude Cowork Audit Log: How to Get a Compliance-Grade Trail
If you've gone looking for an audit log of what your team actually did inside Claude Cowork, you've probably hit a wall — and you're not imagining it.
According to Anthropic's own documentation, Claude Cowork activity is not captured in the Audit Logs, the Compliance API, or Data Exports that cover the rest of your Claude organization. Cowork conversation history is stored locally on each user's machine, inside an isolated virtual machine, and isn't synced to a central, exportable, compliance-grade record. Your admin dashboard can show you that Cowork is being used — session counts, active users — but not what happened inside those sessions.
For most teams that's fine. For anyone with a regulatory obligation — SOC 2, HIPAA, PCI-DSS, SOX, or an internal policy that says "we can reconstruct what an AI agent did on company data" — it's a genuine gap. This page explains the gap honestly and walks through your options for closing it.
Why the gap exists (and why it's not a bug)
Cowork is deliberately built for privacy and local control. It runs in a sandboxed VM using Apple's virtualization framework, processes files locally, and doesn't ship your session content to Anthropic's cloud for training or central storage. That design is great for data minimization — but it's the same design that means there's no central server-side transcript for your compliance team to pull later.
So the absence of a Cowork audit log isn't a security flaw; it's a side effect of local-first privacy. The practical consequence is the same either way: if you need to answer "what did this person, or this agent, actually do in Cowork on this date?", the official tooling can't tell you.
Your options today
1. The admin dashboard — usage, not content. Team and Enterprise admins can see Cowork adoption metrics (how often it's used, by whom). This proves usage but contains none of the session detail an audit requires.
2. OpenTelemetry — metrics, not a trail. Claude's Agent SDK emits OTel events (token usage, cost, tool activity) that you can route to your own collector. This is the closest official option, but Anthropic's guidance is explicit that OTel is not a compliance-grade audit trail — it gives you aggregate telemetry, not a reviewable record of prompts, responses, and tool calls per session. You also have to own and run the collector infrastructure yourself.
3. Session capture — the actual audit trail. To get a compliance-grade record you need the content of each session captured and stored in a queryable, access-controlled system: the prompts, the assistant's responses, every tool and MCP call, and which skills ran — tied to a user, a timestamp, and a project. That is precisely what a session-capture layer like Argus provides.
How Argus closes the gap
Argus instruments your Cowork environment with a lightweight plugin and captures each session as a structured, replayable record — every turn, tool call, and MCP invocation — into your own workspace. Three properties make it suitable as an audit trail:
- Complete and reconstructable. You can replay exactly what happened in a session, step by step, instead of inferring it from cost metrics.
- Private by default and access-controlled. Data is encrypted, scoped to your workspace, and visible only to the people you invite. Sensitive content can be redacted automatically, and any session can be marked private and excluded entirely.
- Attributable. Each session is tied to a user, time, and project, so you can answer the "who did what, when" question an auditor will ask.
The result is the record Cowork doesn't keep for you — on your terms, in your control.
Argus is in alpha. Treat its output as a strong operational audit trail; if you need certified, attested compliance evidence for a specific framework, confirm the specifics with your compliance team.
FAQ
Does Anthropic's Audit Log capture Claude Cowork activity?
No. Anthropic's docs are explicit that Claude Cowork activity is not captured in the organization's Audit Logs, the Compliance API, or Data Exports. Those surfaces cover other Claude usage (web, API) but not the Cowork sandbox where the agent actually runs.
Is OpenTelemetry a compliance-grade audit trail for Cowork?
No. Anthropic's own guidance is that OTel is for metrics — token usage, cost, tool activity — not a compliance-grade record of what happened in a session. You can route OTel events anywhere you like, but they don't include the prompts, tool inputs, or assistant outputs an auditor will ask for.
Where is Claude Cowork session data stored today?
Locally, inside the isolated VM that runs Cowork on each user's machine. There's no central server-side transcript. That's a deliberate privacy choice — and it's exactly why compliance teams hit a wall when they need to reconstruct a session months later.
How does Argus produce a compliance-grade trail?
By running as a Claude Cowork plugin that captures every session — prompts, tool calls, assistant responses, version hashes — and ships them to a workspace you control. Redaction, scoping, and per-session opt-out (/private) keep the privacy posture intact while giving you the trail Cowork itself doesn't have.
Will Anthropic ship a native Cowork audit log later?
Probably, eventually, but there's no public timeline, and the local-VM architecture means a server-side trail would be a meaningful product change. The current gap is real for teams bound by SOC 2, HIPAA, or SOX that are deploying Cowork today.