Anthropic has introduced Claude Code Security, a vulnerability scanning feature built into Claude Code on the web and offered in a limited research preview to Claude Enterprise and Claude Team customers.
Anthropic said the tool scans codebases for security issues and proposes targeted patches that developers must review and approve.
Technical architecture
Anthropic positioned the feature as an alternative to traditional static analysis that is “typically rule-based” and matches code against known vulnerability patterns.
In its announcement, the company said Claude Code Security instead “reads and reasons” about code, tracing component interactions and data flows to surface context-dependent flaws such as business logic issues and broken access control.
Anthropic added that each finding goes through a multistage verification process where the model reexamines results to filter false positives, then assigns severity and a confidence rating before presenting results in a dashboard.
The company said that suggested patches appear alongside findings, and nothing is applied without human approval.
Security philosophy and red-teaming
Anthropic tied the launch to dual-use risk, arguing that the same AI capability that helps locate vulnerabilities could also accelerate exploitation.
The company said it is limiting access via a research preview and working with early users and open-source maintainers as it refines the tool and its deployment approach.
This philosophy leans on Anthropic’s own security research program. The company said its Frontier Red Team has been testing Claude’s cyber capabilities through efforts that include Capture-the-Flag participation and experiments with Pacific Northwest National Laboratory focused on defending critical infrastructure.
Anthropic also said that using Claude Opus 4.6, released earlier this month, its team found more than 500 vulnerabilities in “production open-source codebases” and is working through triage and responsible disclosure with maintainers.
Positioning and market reaction
Anthropic’s Claude Code Security page says findings can be exported into existing security processes, and its FAQ describes the tool as catching issues that pattern-matching tools may miss.
Anthropic is not alone in applying AI to code security. OpenAI launched a cybersecurity automation tool called Aardvark in late 2025, and Amazon and Microsoft have deployed internal AI agents for vulnerability detection and remediation.
The launch had an immediate market impact. Shares of several cybersecurity and developer-tool companies — including CrowdStrike, Cloudflare and JFrog — fell sharply after Anthropic unveiled Claude Code Security, according to Bloomberg.