Anthropic Launches Claude Code Security, an AI-Powered Vulnerability Scanner

Flow
#Claude Code #Anthropic #security #vulnerability #static-analysis

Anthropic unveils Claude Code Security, a new feature built into Claude Code on the web that reasons about code like a human security researcher. Available as a limited research preview for Enterprise and Team customers.

Anthropic on Monday announced Claude Code Security, a vulnerability detection tool built directly into Claude Code on the web. The feature is rolling out as a limited research preview for Enterprise and Team plan customers, with priority access granted to open-source software maintainers.

Beyond Pattern Matching

Traditional code security tools rely on rule-based static analysis and known vulnerability pattern matching. These techniques, while useful, miss entire categories of bugs. Claude Code Security takes a fundamentally different approach: it reasons about source code the way a human security researcher would.

The system understands interactions between components, traces data flows across entire applications, and identifies vulnerabilities rooted in complex business logic. This means it can catch issues that single-file analysis tools routinely miss: the kind of subtle, cross-cutting bugs that typically require a seasoned security engineer to spot.

Self-Verification to Cut False Positives

One of the tool's more notable features is its multi-stage verification process. When Claude Code Security identifies a potential vulnerability, it doesn't just flag it and move on. Instead, the system attempts to both prove and disprove its own findings, filtering out false positives before they ever reach a developer's dashboard.

False positive rates have long been a practical barrier to adoption for security scanning tools. Teams that are drowning in spurious alerts tend to ignore them entirely, which defeats the purpose. Anthropic's approach aims to solve this by delivering higher-confidence results from the start.

Each confirmed vulnerability receives a severity rating and appears in a dedicated dashboard. The tool also generates patch suggestions, though final approval and application remain in human hands, a deliberate design choice that keeps developers in the loop.

500+ Vulnerabilities Found in Production Code

Anthropic says Claude Code Security, powered by Claude Opus 4.6, has already uncovered more than 500 vulnerabilities in production open-source codebases during testing. Some of those bugs had gone undetected for decades, according to the company.

The security push isn't coming out of nowhere. Anthropic's Frontier Red Team has been participating in CTF (Capture The Flag) competitions, and the company has an ongoing collaboration with Pacific Northwest National Laboratory (PNNL) focused on critical infrastructure defense. Claude Code Security represents the productization of that research effort.

A New Front in the AI Coding Wars

The launch signals that competition among AI coding tools is expanding beyond code generation and into security. GitHub Copilot, Snyk, and others have been building out security capabilities, but Anthropic is now bringing its own foundation model directly to bear on the problem, integrated into the same tool developers already use for writing code.

Enterprise and Team customers can request access to the research preview through Claude Code on the web.

Official announcement: https://www.anthropic.com/news/claude-code-security
