Claude Security Is Anthropic's First Tool Built Specifically for Enterprise Cyber Defense

Anthropic has launched Claude Security, a vulnerability scanner designed to help enterprise software teams find and patch weaknesses in their codebases before attackers can exploit them. The tool runs directly from the Claude.ai sidebar with no API configuration or custom agent setup required and is powered by Opus 4.7, a model Anthropic says it deliberately trained to be less capable than its Mythos model on cybersecurity tasks.

The release comes roughly three weeks after Anthropic's Mythos model sparked alarm across governments and corporate security teams worldwide. Mythos, restricted to approximately 40 organizations under Anthropic's Project Glasswing initiative, is capable of autonomously discovering and exploiting zero-day vulnerabilities across major operating systems and browsers. As of May 25, Anthropic said Mythos had identified more than 23,000 potential vulnerabilities across over 1,000 open-source software projects, with 1,726 confirmed — including more than 1,000 rated high or critical severity.

Claude Security is positioned as a defensive counterpart to that capability. Rather than exploiting vulnerabilities, it scans source code, traces data flows across components, and reasons about how different parts of a system interact. It generates a confidence rating and severity explanation for each finding and produces a suggested patch that teams can work through in Claude Code. Notably, it does not match against a database of known bugs, instead reasoning about novel weaknesses directly from the code.

The gap between Claude Security and Mythos is significant by design. On the CyberGym benchmark from UC Berkeley, Mythos scored 83.1% against Opus 4.7's 73.1%. On a Firefox 147 exploit benchmark, the difference was starker: Mythos produced 181 working exploits compared to just 2 for Opus 4.6, a roughly 90x gap.

Currently, Claude Security supports only GitHub-hosted repositories. Access is live now for Claude Enterprise customers, with Team and Max plan customers set to follow. Services partners deploying the tool on behalf of enterprise clients include Accenture, BCG, Deloitte, Infosys, and PwC.

The launch does not fully resolve the asymmetry Mythos created. As Medianama founder Nikhil Pahwa noted in his analysis: "A tool that compresses attack timelines without compressing defense timelines increases systemic risk before it improves security." Claude Security narrows that gap for organizations that can access it, but countries and institutions still locked out of Project Glasswing remain in a position of defending against a threat they cannot directly study.

This analysis is based on reporting from Medianama.

Image courtesy of Mikhail Nilov.

This article was generated with AI assistance and reviewed for accuracy and quality.