What about SOC 2 and PCI-DSS?

Anthropic maintains SOC 2 Type II compliance for their API infrastructure. For PCI-DSS, the key question is whether Cowork ever sees payment card data on screen. If it does, that's in scope and needs to be handled accordingly. We configure deployments so that card data stays outside Cowork's view unless you've specifically addressed the compliance requirements.