diff --git a/gcp/terraform/abstract/container-cluster-avoid-bindings-to-system-anonymous/expected/main.tf b/gcp/terraform/abstract/container-cluster-avoid-bindings-to-system-anonymous/expected/main.tf
new file mode 100644
index 0000000..6c6e3c7
--- /dev/null
+++ b/gcp/terraform/abstract/container-cluster-avoid-bindings-to-system-anonymous/expected/main.tf
@@ -0,0 +1,64 @@
+resource "google_container_cluster" "non_compliant_cluster" {
+ name = var.cluster_name
+ location = var.location
+
+ # Enable RBAC
+ enable_legacy_abac = true
+
+ # The non-compliant setting: allow anonymous access by enabling the legacy ABAC
+ # This allows unauthenticated users (system:anonymous) to have access,
+ # which violates the CIS recommendation to avoid bindings to system:anonymous.
+
+ # Minimal required settings for a valid cluster
+ initial_node_count = 1
+
+ node_config {
+ machine_type = var.machine_type
+ }
+
+ rbac_binding_config {
+ enable_insecure_binding_system_unauthenticated = false
+ }
+}
+
+resource "google_container_cluster" "non_compliant_cluster_explicit" {
+ name = var.cluster_name
+ location = var.location
+
+ # Enable RBAC
+ enable_legacy_abac = true
+
+ # The non-compliant setting: allow anonymous access by enabling the legacy ABAC
+ # This allows unauthenticated users (system:anonymous) to have access,
+ # which violates the CIS recommendation to avoid bindings to system:anonymous.
+
+ # Minimal required settings for a valid cluster
+ initial_node_count = 1
+
+ node_config {
+ machine_type = var.machine_type
+ }
+
+ rbac_binding_config {
+ enable_insecure_binding_system_unauthenticated = false
+ }
+}
+
+resource "google_container_cluster" "compliant_cluster" {
+ name = var.cluster_name
+ location = var.location
+
+ # Enable RBAC
+ enable_legacy_abac = true
+
+ # Minimal required settings for a valid cluster
+ initial_node_count = 1
+
+ node_config {
+ machine_type = var.machine_type
+ }
+
+ rbac_binding_config {
+ enable_insecure_binding_system_unauthenticated = false
+ }
+}
diff --git a/gcp/terraform/abstract/container-cluster-avoid-bindings-to-system-anonymous/expected/variables.tf b/gcp/terraform/abstract/container-cluster-avoid-bindings-to-system-anonymous/expected/variables.tf
new file mode 100644
index 0000000..1b17e29
--- /dev/null
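Review bot: The comment `# Enable RBAC` above `enable_legacy_abac = true` says the opposite of what the attribute does (`true` turns legacy ABAC on), and the `# The non-compliant setting: allow anonymous access by enabling the legacy ABAC` comment block survives on both `non_compliant_*` resources in this remediated output, so the expected file describes itself as non-compliant while its resources no longer differ from `compliant_cluster`. The same mislabelled comments appear in the main.tf hunk. The setting this case actually exercises is the `rbac_binding_config { enable_insecure_binding_system_unauthenticated = false }` block, not legacy ABAC, so I would drop `# Enable RBAC` and replace the three-line comment with `# Remediated: refuse RBAC bindings to system:unauthenticated/system:anonymous (CIS 4.1.8)` above the `rbac_binding_config` block. If legacy ABAC is not meant to be part of this scenario, leaving `enable_legacy_abac = true` on every cluster is itself a setting I believe the CIS GKE benchmark flags separately, which may confuse a checker that reports on both; worth confirming which attribute the rule is meant to key on.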
+++ b/gcp/terraform/abstract/container-cluster-avoid-bindings-to-system-anonymous/expected/variables.tf
@@ -0,0 +1,22 @@
+variable "gcp_project" {
+ type = string
+ description = "The GCP project to create the cluster in"
+}
+
+variable "cluster_name" {
+ type = string
+ description = "The name of the GKE cluster"
+ default = "uut-cluster"
+}
+
+variable "location" {
+ type = string
+ description = "The location/region for the cluster"
+ default = "us-central1"
+}
+
+variable "machine_type" {
+ type = string
+ description = "The machine type for the cluster nodes"
+ default = "e2-medium"
+}
diff --git a/gcp/terraform/abstract/container-cluster-avoid-bindings-to-system-anonymous/gomboc.yaml b/gcp/terraform/abstract/container-cluster-avoid-bindings-to-system-anonymous/gomboc.yaml
new file mode 100644
index 0000000..ba07762
--- /dev/null
+++ b/gcp/terraform/abstract/container-cluster-avoid-bindings-to-system-anonymous/gomboc.yaml
@@ -0,0 +1,16 @@
+# yaml-language-server: $schema=../../../../gomboc-schema/test-case.yaml
+
+name: Avoid bindings to system:anonymous
+
+provider: GCP
+iac:
+ language: terraform
+ version: v1.5.8
+
+canBeApplied: false
+
+benchmarkRecommendations:
+ - id: "4.1.8"
+ name: "Avoid bindings to system:anonymous"
+ benchmark: CIS Google Kubernetes Engine (GKE) Autopilot Benchmark
+ benchmarkVersion: v1.0.0
diff --git a/gcp/terraform/abstract/container-cluster-avoid-bindings-to-system-anonymous/main.tf b/gcp/terraform/abstract/container-cluster-avoid-bindings-to-system-anonymous/main.tf
new file mode 100644
index 0000000..1db6cd5
--- /dev/null
+++ b/gcp/terraform/abstract/container-cluster-avoid-bindings-to-system-anonymous/main.tf
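Review bot: The recommendation is attributed to the `CIS Google Kubernetes Engine (GKE) Autopilot Benchmark`, yet the clusters in main.tf are defined with `initial_node_count` and `node_config`, which are Standard-mode settings, and none of them sets `enable_autopilot`, so the fixture does not describe an Autopilot cluster. Either the resources should be Autopilot clusters to match the cited benchmark, or the `benchmark` field should reference the GKE (Standard) benchmark and the id `4.1.8` re-checked against that document's numbering. A short comment next to `canBeApplied: false` stating why this case is not applied would also help, since the reason is not recoverable from the file.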
@@ -0,0 +1,57 @@
+resource "google_container_cluster" "non_compliant_cluster" {
+ name = var.cluster_name
+ location = var.location
+
+ # Enable RBAC
+ enable_legacy_abac = true
+
+ # The non-compliant setting: allow anonymous access by enabling the legacy ABAC
+ # This allows unauthenticated users (system:anonymous) to have access,
+ # which violates the CIS recommendation to avoid bindings to system:anonymous.
+
+ # Minimal required settings for a valid cluster
+ initial_node_count = 1
+
+ node_config {
+ machine_type = var.machine_type
+ }
+}
+
+resource "google_container_cluster" "non_compliant_cluster_explicit" {
+ name = var.cluster_name
+ location = var.location
+
+ # Enable RBAC
+ enable_legacy_abac = true
+
+ # The non-compliant setting: allow anonymous access by enabling the legacy ABAC
+ # This allows unauthenticated users (system:anonymous) to have access,
+ # which violates the CIS recommendation to avoid bindings to system:anonymous.
+
+ # Minimal required settings for a valid cluster
+ initial_node_count = 1
+
+ node_config {
+ machine_type = var.machine_type
+ }
+
+}
+
+resource "google_container_cluster" "compliant_cluster" {
+ name = var.cluster_name
+ location = var.location
+
+ # Enable RBAC
+ enable_legacy_abac = true
+
+ # Minimal required settings for a valid cluster
+ initial_node_count = 1
+
+ node_config {
+ machine_type = var.machine_type
+ }
+
+ rbac_binding_config {
+ enable_insecure_binding_system_unauthenticated = false
+ }
+}
diff --git a/gcp/terraform/abstract/container-cluster-avoid-bindings-to-system-anonymous/terraform.tf b/gcp/terraform/abstract/container-cluster-avoid-bindings-to-system-anonymous/terraform.tf
new file mode 100644
index 0000000..0db35a1
--- /dev/null
+++ b/gcp/terraform/abstract/container-cluster-avoid-bindings-to-system-anonymous/terraform.tf
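Review bot: `non_compliant_cluster_explicit` is identical to `non_compliant_cluster` apart from a stray blank line before its closing `}`, so the second resource exercises nothing the first does not; its name suggests it was meant to state the insecure binding explicitly, i.e. `rbac_binding_config { enable_insecure_binding_system_unauthenticated = true }`, which would give the checker a positive-match case in addition to the absent-block case. Whether the rule is meant to flag the explicit `true` form should be confirmed before adding it, because the expected/main.tf hunk would then need the corresponding remediation for that resource. The extra blank line before the closing brace of the second resource should be removed either way.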
@@ -0,0 +1,19 @@
+# Provider config
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 6.13.0"
+ }
+ }
+
+ required_version = ">= 1.1.0"
+}
+
+provider "google" {
+ project = var.gcp_project
+ default_labels = {
+ "test-repo" = "rattleback",
+ "test-path" = "gcp/terraform/container-cluster-avoid-bindings-to-system-anonymous"
+ }
+}
diff --git a/gcp/terraform/abstract/container-cluster-avoid-bindings-to-system-anonymous/variables.tf b/gcp/terraform/abstract/container-cluster-avoid-bindings-to-system-anonymous/variables.tf
new file mode 100644
index 0000000..1b17e29
--- /dev/null
+++ b/gcp/terraform/abstract/container-cluster-avoid-bindings-to-system-anonymous/variables.tf
@@ -0,0 +1,22 @@
+variable "gcp_project" {
+ type = string
+ description = "The GCP project to create the cluster in"
+}
+
+variable "cluster_name" {
+ type = string
+ description = "The name of the GKE cluster"
+ default = "uut-cluster"
+}
+
+variable "location" {
+ type = string
+ description = "The location/region for the cluster"
+ default = "us-central1"
+}
+
+variable "machine_type" {
+ type = string
+ description = "The machine type for the cluster nodes"
+ default = "e2-medium"
+}
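Review bot: The `test-path` default label is `gcp/terraform/container-cluster-avoid-bindings-to-system-anonymous`, but every file in this commit lives under `gcp/terraform/abstract/container-cluster-avoid-bindings-to-system-anonymous`, so any resource created from this case would carry a label pointing at a path that does not exist in the repo; change it to `"test-path" = "gcp/terraform/abstract/container-cluster-avoid-bindings-to-system-anonymous"`. The provider floor `version = ">= 6.13.0"` should also be checked against the provider release that introduced the `rbac_binding_config` block, since a plan against an older 6.x provider would fail on an unsupported block rather than on the setting under test; I have not verified which release that is.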