---
title: Anthropic Compliance primary owner transferred
description: Datadog, the leading service for cloud-scale monitoring.
---

# Anthropic Compliance primary owner transferred

{% alert level="danger" %}
This rule is part of a beta feature. To learn more, [contact Support](https://docs.datadoghq.com/help/).
{% /alert %}

Classification: attack

Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004)

Technique: [T1098-account-manipulation](https://attack.mitre.org/techniques/T1098)

## Goal{% #goal %}

Detects when the Primary Owner role of an Anthropic organization is transferred to another member.

## Strategy{% #strategy %}

This rule monitors Anthropic Compliance activities for `primary_owner_transferred` events. The Primary Owner is the most privileged role in an Anthropic organization; they alone can enable or disable Compliance API logging, manage HIPAA settings, and initiate organization deletion. Transfer of this role is a rare and high-impact action that warrants immediate verification regardless of context.

## Triage and response{% #triage-and-response %}

- Immediately confirm the transfer from `{{@previous_owner_id}}` to `{{@new_owner_id}}` was authorized and follows the organization's documented succession process.
- Verify the receiving user is a legitimate organization member with no compromise indicators.
- Examine the actor's authentication history and recent activity for signs of account takeover.
- Review whether the previous owner's account remains active and what role they now hold.
- If the action was unauthorized, contact Anthropic support immediately to reverse the transfer.
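
An added example (not part of the Datadog rule or of any Anthropic API): the first three triage checks above applied to constructed events in Python. Only the `primary_owner_transferred` event name and the `previous_owner_id` / `new_owner_id` fields come from this page; the other field names, the approved-transfer record and the member list are assumptions.

```python
from datetime import datetime, timedelta

# Constructed events. Only the event name and previous_owner_id/new_owner_id
# come from the rule page; ts, type, actor_id and ip are assumed field names.
SAMPLE_EVENTS = [
    {"ts": "2025-03-01T09:00:00Z", "type": "user_signed_in",
     "actor_id": "user_alice", "ip": "198.51.100.10"},
    {"ts": "2025-03-10T14:00:00Z", "type": "primary_owner_transferred",
     "actor_id": "user_alice", "ip": "198.51.100.10",
     "previous_owner_id": "user_alice", "new_owner_id": "user_bob"},
    {"ts": "2025-03-12T02:00:00Z", "type": "user_signed_in",
     "actor_id": "user_carol", "ip": "203.0.113.77"},
    {"ts": "2025-03-12T02:05:00Z", "type": "primary_owner_transferred",
     "actor_id": "user_carol", "ip": "203.0.113.77",
     "previous_owner_id": "user_bob", "new_owner_id": "user_mallory"},
]
APPROVED_TRANSFERS = {("user_alice", "user_bob")}  # constructed succession record
MEMBERS = {"user_alice", "user_bob", "user_carol"}  # constructed member list

def parse_ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage_transfers(events, approved, members, lookback=timedelta(hours=24)):
    """Return one finding per transfer; every transfer needs human verification."""
    findings = []
    for ev in events:
        if ev["type"] != "primary_owner_transferred":
            continue
        reasons = []
        if (ev["previous_owner_id"], ev["new_owner_id"]) not in approved:
            reasons.append("transfer not in approved succession record")
        if ev["new_owner_id"] not in members:
            reasons.append("new owner is not a known organization member")
        if ev["actor_id"] != ev["previous_owner_id"]:
            reasons.append("actor is not the previous owner")
        # Baseline: IPs the actor used before the lookback window opened.
        cutoff = parse_ts(ev["ts"]) - lookback
        baseline = {e["ip"] for e in events
                    if e["actor_id"] == ev["actor_id"] and parse_ts(e["ts"]) < cutoff}
        if ev["ip"] not in baseline:
            reasons.append("actor source IP first seen inside lookback window")
        findings.append({"ts": ev["ts"], "actor_id": ev["actor_id"],
                         "severity": "escalate" if reasons else "review",
                         "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in triage_transfers(SAMPLE_EVENTS, APPROVED_TRANSFERS, MEMBERS):
        print(finding)
```

A transfer with no failed checks is still returned with severity `review`, since the rule treats every transfer as requiring verification.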
