Anthropic has introduced Claude Code Security, a new AI-powered capability in its Claude Code assistant that promises to raise the bar for software security by scanning entire codebases for vulnerabilities and suggesting human-reviewed patches. The feature is currently rolling out in a limited research preview for Enterprise and Team customers, reflecting Anthropic’s cautious approach to deploying advanced cybersecurity tools. By positioning this as a defender-focused technology, the company aims to counter the same AI-driven techniques that attackers are starting to use to automate vulnerability discovery at scale.
Unlike traditional static analysis tools that rely on rule-based pattern matching and known vulnerability signatures, Claude Code Security analyzes code more like a human security researcher. It reasons about how different components interact, traces data flows through the application, and flags subtle issues that conventional scanners often miss. This deeper contextual understanding is designed to surface complex and high-severity bugs that may have remained hidden despite years of manual and automated review.
Each issue identified by Claude Code Security goes through a multi-stage verification process intended to filter out false positives before results ever reach a security analyst. The system re-examines its own findings, attempts to prove or disprove them, and assigns both severity and confidence ratings so teams can prioritize the most critical fixes. All results are presented in a dedicated dashboard, where developers and security teams can inspect the affected code, review the suggested patches, and decide how to remediate. Anthropic emphasizes a human-in-the-loop model, ensuring that nothing is changed without explicit developer approval.
Claude Code Security builds on more than a year of research into Anthropic’s cybersecurity capabilities, including testing in capture-the-flag competitions and collaborations with partners such as Pacific Northwest National Laboratory. Using its latest Claude Opus 4.6 model, Anthropic reports that it has already uncovered more than 500 long-standing vulnerabilities in production open-source projects, many of which had survived decades of expert scrutiny. Those findings are now going through triage and responsible disclosure with maintainers, reinforcing the tool’s emphasis on real-world impact and careful rollout.
Anthropic sees this launch as part of a broader shift in the cybersecurity landscape, where AI will routinely scan a significant share of the world’s code for flaws. The company warns that attackers will increasingly use similar models to find exploitable weaknesses faster than ever, but argues that defenders who move quickly can seize the same advantages to harden their systems in advance. By making Claude Code Security available first to enterprises, teams, and open-source maintainers, Anthropic is betting that AI-augmented defenders can keep pace with, and potentially outmaneuver, AI-empowered adversaries.