Anthropic has launched Claude Code Security, a new AI-powered cybersecurity capability built into Claude Code that scans software repositories for security vulnerabilities and recommends targeted fixes for human review. The feature is being released as a limited research preview for Enterprise and Team customers, with expedited access offered to maintainers of open-source repositories.

The announcement comes as security teams face growing vulnerability backlogs and increasingly sophisticated attacks that traditional rule-based tools struggle to detect. At the same time, the AI systems helping defenders identify vulnerabilities are also making it easier for attackers to discover and exploit them, intensifying pressure to strengthen defensive capabilities.

Unlike conventional static analysis systems that search for known patterns, Claude Code Security analyzes how software behaves — reasoning about data flow and system interactions to uncover complex, context-dependent security flaws.

The capability is aimed at security teams, developers, and organizations responsible for maintaining large or critical codebases.

Here’s what this means: AI is becoming a foundational layer of cybersecurity defense, changing how vulnerabilities are discovered, prioritized, and resolved before attackers can exploit them.

Traditional static analysis tools rely on predefined rules that match software against known vulnerability patterns. These approaches can detect common issues such as exposed credentials or outdated encryption but often fail to identify deeper problems involving business logic or broken access control.

According to Anthropic, Claude Code Security instead reads and reasons about code similarly to a human security researcher. The system analyzes how components interact, traces how data moves through applications, and evaluates context to uncover vulnerabilities that rule-based tools may overlook.

Each finding goes through a multi-stage validation process:

Validated findings appear in a centralized dashboard where teams can review suggested patches and confidence ratings for each issue, reflecting the complexity of vulnerabilities that can be difficult to evaluate from source code alone. Importantly, no fixes are applied automatically — developers retain final approval over all changes..

Anthropic says the new capability builds on more than a year of internal cybersecurity research led by its Frontier Red Team.

The company tested Claude’s defensive abilities through:

Using Claude Opus 4.6, Anthropic reports identifying more than 500 previously undiscovered vulnerabilities in open-source software — including bugs that had remained undetected for decades despite expert review.

The company says it is coordinating responsible disclosure with maintainers and expanding collaboration with the open-source community.

Anthropic also uses Claude internally to review its own systems, a practice that informed the development of Claude Code Security.

Anthropic describes the current moment as a turning point for cybersecurity, as AI systems become increasingly capable of identifying hidden software flaws.

The company expects a large share of global software to be scanned by AI systems in the near future due to their effectiveness at discovering vulnerabilities.

This creates a dual-use challenge:

Claude Code Security is being released gradually so Anthropic can refine safeguards and ensure responsible deployment before broader availability. The limited research preview is currently open to Enterprise and Team customers, with expedited access available for open-source maintainers, who can apply to participate and collaborate with Anthropic as the tool evolves.

Organizations and maintainers interested in participating can apply through Anthropic’s Claude Code Security program page.

Q: What is Claude Code Security?
A: Claude Code Security is an AI-powered cybersecurity capability within Claude Code that scans software repositories for vulnerabilities and suggests patches for human review.

Q: Who can access the preview?
A: Enterprise and Team customers can access the limited research preview, with expedited access available for open-source maintainers.

Q: How is it different from traditional security scanning tools?
A: Traditional tools rely on rule-based pattern matching, while Claude analyzes code contextually, reasoning about system behavior and data flow to identify complex vulnerabilities.

Q: Does the system automatically fix vulnerabilities?
A: No. Claude proposes fixes, but developers must review and approve all changes before implementation.

Q: What kinds of vulnerabilities can it detect?
A: Anthropic says Claude Code Security can identify complex vulnerabilities such as business logic flaws and broken access controls that rule-based tools often miss.

Q: Why release it now?
A: Anthropic says AI is rapidly changing both cyber offense and cyber defense, making it important to equip defenders with comparable capabilities.

Anthropic’s announcement highlights a broader change in cybersecurity, where AI systems are moving from assistance tools to active participants in vulnerability discovery and remediation.

Who should care: Security teams, software developers, DevSecOps leaders, enterprise technology executives, open-source maintainers, and organizations responsible for critical or large-scale software systems should pay close attention as AI becomes embedded directly into vulnerability discovery workflows.

Why it matters now: AI models are rapidly improving at reasoning about complex software systems, allowing vulnerabilities that once required expert human researchers to be identified automatically. As attackers begin using AI to discover exploitable weaknesses faster, organizations that adopt AI-assisted defense tools may significantly reduce risk exposure and remediation time.

What decision this affects: Technology leaders must now decide whether AI-driven security analysis should become a standard layer within software development pipelines, shifting cybersecurity from periodic audits toward continuous AI-assisted code review.

The broader implication is that the future of cybersecurity will be decided less by who writes secure code first, and more by who deploys AI fast enough to defend it continuously.

Editor’s Note: This article was created by Alicia Shapiro, CMO of AiNews.com, with writing, image, and idea-generation support from ChatGPT, an AI assistant. However, the final perspective and editorial choices are solely Alicia Shapiro’s. Special thanks to ChatGPT for assistance with research and editorial support in crafting this article.