01 Trust Score

Claude Code

Week 2026-W20 · 26 Apr 2026 Vendor-Neutral
25 /100 Significant Risk
▼ 55 pts ⚠
3.5/5 (3697)
WHY THIS SCORE

The overall trust score of 58 indicates a conditional recommendation for enterprise procurement, primarily due to significant security and compliance deficiencies. While Anthropic demonstrates strong financial health (90/100) and has patched recent moderate CVEs (Security/CVE scored 25/25 in the breakdown), the security_score is low at 40/100 due to the critical absence of documented encryption for data at rest and in transit, and missing audit logs. The legal_risk_score of 60/100 reflects the lack of a public DPA, opaque data retention policies, and unclear IP ownership. Community trust (55/100) is impacted by persistent bugs and service outages. To significantly improve this score, Anthropic must publicly document its encryption standards, provide a comprehensive DPA, and publish a clear SLA.

Trust Score 25/100 CONDITIONAL
Est. Annual Cost $120,000/year (estimated) 100 users / yr
Top Risk HIGH Reliability Overall: Medium
Priority Action Absence of Documented Encryption for Data At Rest and In Transit

Enterprise Verdict

! Conditional Approval
Risk: Medium 50 sources
The adoption recommendation is 'extended_evaluation' because Claude Code, despite its powerful AI coding capabilities, presents critical security and compliance gaps, notably the absence of documented encryption and a public Data Processing Agreement. For a more favorable verdict, Anthropic must provide transparent documentation on its security architecture, including encryption and audit logs, and offer a standard enterprise DPA.
Priority Action

Absence of Documented Encryption for Data At Rest and In Transit

Live Signals This Week

Detected by daily monitoring — captured outside the weekly scrape window.

Critical May 15, 2026

Claude Code down: Thousands complain of outage; how to fix issue as company shares update - Hindustan Times

1 signal(s) detected: outage

This report updates every week. Weekly AI vendor intelligence — trust scores, contract red flags, competitive shifts.
02 Top Risks

Risk Assessment

Seven-category enterprise risk analysis derived from community and vendor signals. Each card shows the evidence tier and the underlying finding.

High Reliability Community Data

Buyers may want to verify whether public documentation provides specific uptime commitments or reliability history.

Medium Cost Predictability Community Data

Enterprises should negotiate fixed-rate contracts and monitor pricing changes for overage risks.

High Vendor Lock-in Community Data

Data export status unclear. Integration score: 0/100. Webhooks available, reducing lock-in risk.

Medium Support Quality Community Data

Insufficient public community reviews to verify support quality. Standard support channels (email/documentation) are assumed.

Critical Data Privacy Community Data

Compliance score: 40/100. GDPR status: unknown. Encryption at rest: unknown.

Medium Compliance Posture Community Data

SOC 2: none. ISO 27001: none. Overall compliance score: 40/100.

Medium AI Transparency Community Data

AI model training and data usage policies are not explicitly disclosed in the public Terms of Service.

Verified — Confirmed by vendor documentation · Community — Derived from community reports

Due Diligence Alerts

Priority reviews, recommended inquiries, and verified strengths — based on 47+ community data points

Recommended Inquiry Critical Absence of Documented Encryption for Data At Rest and In Transit
Recommended Inquiry Critical Data Processing Agreement (DPA) Not Publicly Available
Recommended Inquiry High Persistent Service Outages and Elevated Error Rates Reported
Recommended Inquiry High Critical File Truncation and Untracked File Bugs Reported
03 Security & Compliance

Security & Compliance

SOC 2 ✕ Not found
ISO 27001 ✓ Certified
GDPR ✓ Compliant
HIPAA ✕ Not found

Security Features

SSO
MFA Methods not specified in public documentation

Enterprise Contract Intelligence

DPA availability, data residency, and contract risk signals for procurement teams

📄 Data Processing Agreement Not Public

A Data Processing Agreement (DPA) is not publicly available. Enterprise procurement teams must request a signed DPA directly from Anthropic before contract execution to ensure compliance with data protection regulations.

🌐 Data Residency Vendor-Controlled
Default: US (inferred from company headquarters)

Data residency options are not publicly documented. This is a critical procurement blocker for EU and other regulated customers who require specific data hosting locations and cross-border transfer mechanisms. Default data processing is inferred to be in the US.

⚠️ Contract Risk High Lock-in (75/100)
Data export on exit: No ⚠
⚠ 4 contract risk flags
⚠ Unclear IP ownership over AI-generated code outputs.
⚠ Absence of publicly available Data Processing Agreement (DPA).
⚠ Opaque data retention and deletion policies.
⚠ Lack of documented data export capabilities, increasing vendor lock-in.

The contract risk for Claude Code is high, primarily driven by significant vendor lock-in factors and legal ambiguities. The absence of a public DPA, unclear IP ownership, and undocumented data portability on exit create substantial legal and operational exposure. Enterprises should anticipate extensive negotiation to mitigate these risks.

04 Community Signals

Community Evidence

Sentiment analysis and recurring issues from developer & enterprise community signals this week.

Recurring Issues

Switch implementer agent from Claude Code to Codex 🟠 Community 2 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 2 comments.

Sources: GitHub
Add Claude Code workflow 🟠 Community 2 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 2 comments.

Sources: GitHub
docs: add plugin update commands for Claude Code and Codex 🟠 Community 1 mention low → Stable

Enterprise Impact: Reported by community on GitHub with 1 comment.

Sources: GitHub
Add custom-truv-demo Claude Code skill 🟠 Community 1 mention low → Stable

Enterprise Impact: Reported by community on GitHub with 1 comment.

Sources: GitHub
Show HN: Needle: We Distilled Gemini Tool Calling into a 26M Model 🟠 Community low → Stable

Enterprise Impact: Discussed on Hacker News.

Sources: HN
Show HN: Statewright – Visual state machines that make AI agents reliable 🟠 Community low → Stable

Enterprise Impact: Discussed on Hacker News.

Sources: HN

Source Highlights This Week

Specific signals from GitHub, Hacker News, and Reddit — what the community is actually saying

Intelligence Synthesis

Claude Code, Anthropic's AI coding agent, demonstrates strong capabilities in autonomous code generation and bug fixing, with community reports highlighting significant productivity gains. However, the tool is currently impacted by critical bugs, including file truncation and untracked file issues, leading to data corruption and incorrect analysis. Multiple service outages and elevated error rates were reported this week, raising reliability concerns. While Anthropic has patched recent moderate CVEs and holds SOC2, ISO 27001, and GDPR certifications, the absence of documented encryption, audit logs, and a public DPA presents substantial security and compliance risks for enterprise deployment.

05 Financial Impact

Financial Impact Panel

Cost intelligence and pricing signals for enterprise procurement decisions

Pricing tiers listed: Enterprise, Business, Team, Pro, Free

Community reports indicate potential for high token consumption and wasteful operations, leading to unexpected costs. (Reddit, May 2026)

Pricing data from public sources — enterprise rates differ. Verify with vendor.

Swanum Independent Estimate (100 users)

Base subscription (monthly × 12) $ × 12
Implementation $10,000
Training $5,000
Integration $15,000
Total Annual TCO $120,000/year (estimated)

Estimated base cost of $7,500/month for 100 users on an Enterprise tier (estimated $75/user/month). This includes an estimated $10,000 for initial implementation, $5,000 for user training, and $15,000 for custom integrations. Total estimated annual TCO is $120,000 for 100 users. This estimate does not include potential token overage charges.


Independent analysis — signals aggregated from GitHub, Reddit, HN, Stack Overflow, Twitter/X, G2 & Capterra. Not affiliated with any vendor.
