Anthropic’s Claude is once again in the news after the company released a new AI tool, Claude Code Security, that helps teams find and fix security issues that traditional methods often miss. The company said Claude Code Security works by scanning codebases for security vulnerabilities and then suggests targeted software patches for human review.
The new AI tool wiped billions of dollars off cybersecurity companies, with various big names in the industry seeing their shares tumble, including CrowdStrike, Okta, Cloudflare, SailPoint and Zscaler.
What is Claude Code Security?
Anthropic has previously claimed that Claude can help detect novel, high-severity vulnerabilities. However, the company says that those same capabilities that help defenders find vulnerabilities can also be used by attackers to exploit them.
Claude Code Security is built by the AI startup to protect code against a new category of AI-enabled attacks.
Unlike traditional static analysis tools that rely on predefined pattern matching, Claude Code Security reads and reasons about code in a way similar to a human security researcher. It traces data flows, understands how different software components interact, and identifies subtle business logic flaws or broken access controls.
Unlike widely popular security analysis forms like static analysis, which rely on matching code against known vulnerability patterns, Claude Code Security is said to read and reason about code the way a human security researcher would. Anthropic says it traces data flows, understands how different software components interact, and identifies complex vulnerabilities that rule-based tools miss.
Each finding by Claude Code Security is then subjected to a multi-stage verification process in which the AI re-examines each result, attempts to prove or disprove its own findings, and filters out false positives before the results reach a human analyst. The tool also assigns severity ratings so that teams can focus on the most important fixes first.
Anthropic says its team found over 500 vulnerabilities in production open-source codebases using its Claude Opus 4.6 model, which powers Claude Code Security. According to the company, many of these bugs had gone undetected for decades despite years of expert human review.
“We also use Claude to review our own code, and we’ve found it to be extremely effective at securing Anthropic’s systems. We built Claude Code Security to make those same defensive capabilities more widely available,” the company said in a blog post.
Who can use Claude Code Security?
Anthropic says Claude Code Security is being released as a limited research preview to Enterprise and Team customers. The company gave no details on when the feature will be rolled out to the general public.
