Claude Code Security Debuts to Help Teams Find and Patch Bugs

Anthropic has begun rolling out Claude Code Security, a new capability built into Claude Code on the web that scans software codebases for vulnerabilities and suggests targeted patches for human review. The feature is launching in a limited research preview for Enterprise and Team customers, with expedited access offered to maintainers of open-source repositories.

According to Anthropic, Claude Code Security is designed to help teams identify and fix security issues that traditional tools often miss. Instead of relying on static, rule-based analysis that looks for known vulnerability patterns, the system reads and reasons about code more like a human security researcher — analyzing how components interact, tracing data flows and flagging complex, context-dependent flaws such as broken access control or business logic errors.

Each potential vulnerability goes through what Anthropic describes as a multi-stage verification process. The model re-analyzes its own findings in an effort to filter out false positives, assigns severity ratings to help teams prioritize fixes and provides a confidence score for each issue. The results appear in a Claude Code Security dashboard, where developers can inspect the flagged code, review suggested patches and decide whether to apply them. Nothing is implemented automatically; Anthropic emphasizes a human-in-the-loop approach in which developers make the final call.

The company frames the release as part of a broader effort to counter AI-enabled attacks. As AI models become more capable of detecting subtle vulnerabilities, Anthropic argues that the same techniques could be used by adversaries to uncover exploitable weaknesses at scale. Claude Code Security, it says, is intended to give defenders a comparable advantage and raise the overall security baseline.

The launch builds on more than a year of internal research into Claude’s cybersecurity capabilities. Anthropic’s Frontier Red Team has tested the model in Capture-the-Flag competitions, partnered with Pacific Northwest National Laboratory on experiments related to defending critical infrastructure and used Claude to find and patch vulnerabilities in real codebases. Using Claude Opus 4.6, released earlier this month, the company says its team identified more than 500 vulnerabilities in production open-source codebases that had gone undetected for years. Anthropic is currently working through triage and responsible disclosure with maintainers.

The company also uses Claude internally to review its own systems and says the tool has proven effective at improving its security posture. By integrating the capability directly into Claude Code, Anthropic aims to make those same defensive tools available to enterprise customers within the workflows they already use.

Anthropic describes the release as a response to a shifting cybersecurity landscape in which a growing share of the world’s code is likely to be scanned by AI. Attackers, the company warns, will use AI to identify weaknesses more quickly, but defenders who adopt similar tools can patch vulnerabilities before they are exploited. The limited research preview is intended to refine the system’s capabilities and ensure responsible deployment before broader availability.

See more here:

This analysis is based on reporting from The Hacker News.

Image courtesy of Anthropic.

This article was generated with AI assistance and reviewed for accuracy and quality.