Anthropic unveiled Claude Code Security, a new AI-powered vulnerability scanner that reportedly discovered over 500 security flaws in production open-source codebases; bugs that escaped detection for decades despite expert review. The tool is now available in limited research preview for Enterprise and Team customers, with expedited free access offered to open-source maintainers.
The announcement marks a significant expansion of Anthropic’s security tooling, building on basic security review features added to Claude Code in August 2025. The new system represents a fundamental shift in how code vulnerabilities are identified and analyzed.
Most security analysis tools rely on pattern matching, flagging known vulnerability signatures like exposed credentials or outdated encryption. Claude Code Security takes a different approach, reading code contextually, tracing data flow and analyzing how components interact, similar to having an editor understand written work rather than just spell-checking it.
The system runs findings through multi-stage verification before surfacing them to analysts, with Claude essentially arguing with itself to attempt to disprove its own discoveries and filter false positives. Each validated finding receives a severity rating and confidence score with suggested patches ready for human review. Importantly, nothing ships automatically as developers approve every fix.
Anthropic openly acknowledges a fundamental challenge: the same AI capabilities that help defenders find vulnerabilities can help attackers exploit them. The company’s Frontier Red Team has been testing Claude’s offensive and defensive capabilities through competitive capture-the-flag events and critical infrastructure defense experiments with Pacific Northwest National Laboratory. Fronteir Red Team is an internal group at Anthropic of about 15 researchers, tasked with stress-testing the company’s most advanced AI systems and probing how they might be misused in areas such as cybersecurity.
Frontier Red Team leader Logan Graham, talking to media, stated:
“This is the next step as a company committed to powering the defense of cybersecurity… We are now using [Opus 4.6] meaningfully ourselves; we have been doing lots of experimentation—the models are meaningfully better.”
“That makes a really big difference for security engineers and researchers,” Graham added. “It’s going to be a force multiplier for security teams. It’s going to allow them to do more.”
This means that AI can navigate a codebase methodically, assess how different parts function, and follow leads in a way that’s reminiscent of a junior security researcher, just at a much quicker pace.
Absolutely, it’s not just the defenders who are on the lookout for security flaws; attackers are also leveraging AI to uncover exploitable weaknesses at an unprecedented speed, Graham pointed out. That’s why it’s crucial to ensure that any advancements benefit the good guys. He also mentioned that alongside the research preview, Anthropic is putting resources into developing safeguards. These are to identify malicious use and detect when attackers might be exploiting the system.
Recent research demonstrated Claude can detect novel, high-severity vulnerabilities, the kind of zero-days that command premium prices on exploit markets. By releasing Claude Code Security, Anthropic is betting that giving defenders these tools first creates a net security benefit.
“Attackers will use AI to find exploitable weaknesses faster than ever,” Anthropic stated. “But defenders who move quickly can find those same weaknesses, patch them, and reduce the risk of an attack.”
For crypto projects and DeFi protocols (where a single smart contract vulnerability can drain millions) this tooling could prove valuable. The 500+ vulnerabilities Anthropic claims to have found are currently undergoing responsible disclosure with maintainers before public release.
The tool builds on Claude Code’s existing permission-based architecture. That architecture defaults to read-only access and requires explicit approval for file edits or command execution. Enterprise users can integrate findings into existing workflows through Claude Code’s standard interface. Open-source maintainers can apply for free access, potentially benefiting smaller projects that lack dedicated security teams.
Whether Claude Code Security lives up to its billing remains to be seen. However, with AI-assisted code generation accelerating development velocity across the industry, AI-assisted security review appears inevitable. The tool represents a critical step toward addressing the security implications of autonomous code generation at scale.
Developers interested in early access can apply at claude.com/contact-sales/security.