---
title: Anthropic Compliance organization admin invite sent
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Anthropic Compliance organization admin
  invite sent
---

# Anthropic Compliance organization admin invite sent

{% alert level="danger" %}
This rule is part of a beta feature. To learn more, [contact Support](https://docs.datadoghq.com/help/).
{% /alert %}
Classification:attackTactic:[TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004)Technique:[T1098-account-manipulation](https://attack.mitre.org/techniques/T1098) 
## Goal{% #goal %}

Detects when a user sends an Anthropic organization invite with an administrative role (`admin`, `owner`, `primary_owner`, or `membership_admin`).

## Strategy{% #strategy %}

This rule monitors Anthropic Compliance activities for `org_user_invite_sent` with `@invited_role` set to an administrative role. Anthropic's Console does not emit a discrete "role change" activity for new members, so invite-sent is the earliest signal of intended privilege escalation.

## Triage and response{% #triage-and-response %}

- Verify whether the invite sent by `{{@usr.email}}` to `{{@invited_email}}` is authorized.
- Examine the inviting user's recent activity for signs of compromise (suspicious IP login, MFA-bypass attempts).
- Check whether the invited email address belongs to a legitimate organization member or a newly added external domain.
- Determine if the inviting user has appropriate authority to grant administrative access.