IBL News | New York
Anthropic introduced last month Claude Code Security, a new capability now in a limited research preview that scans codebases for vulnerabilities and suggests targeted software patches that traditional tools, which usually look for known patterns, often miss.
Security teams face the challenge of addressing too many subtle, context-dependent vulnerabilities exploited by attackers, which require skilled human researchers to deal with ever-expanding backlogs.
“AI is beginning to change that calculus. We’ve recently shown that Claude can detect novel, high-severity vulnerabilities. But the same capabilities that help defenders find and fix vulnerabilities could help attackers exploit them,” said the company in a blog post.
Rather than scanning for known patterns, Claude Code Security reads and reasons about the code the way a human security researcher would: understanding how components interact, tracing how data moves through the application, and catching complex vulnerabilities that rule-based tools miss.
Claude Code Security is being released as a limited research preview to Enterprise and Team customers, with expedited access for maintainers of open-source repositories.
Using Claude Opus 4.6, released earlier this month, Anthropic found over 500 vulnerabilities in production open-source codebases—bugs that had gone undetected for decades, despite years of expert review.
“We also use Claude to review our own code, and we’ve found it to be extremely effective at securing Anthropic’s systems. We built Claude Code Security to make those same defensive capabilities more widely available. And since it’s built on Claude Code, teams can review findings and iterate on fixes within the tools they already use.”
The company expects that a significant share of the world’s code will be scanned by AI in the near future, given how effective models have become at finding long-hidden bugs and security issues.
“Attackers will use AI to find exploitable weaknesses faster than ever. But defenders who move quickly can find those same weaknesses, patch them, and reduce the risk of an attack. “