Anthropic launches Claude Security to scan code for flaws and prioritize fixes for enterprises

Anthropic's new Claude Security tool scans your codebase for flaws - and helps you decide what to fix first

Claude Security turns findings into prioritized fix guidance. Anthropic has announced Claude Security, a new defensive cybersecurity product. Right now, it's available in public beta to Enterprise-tier Claude users, with availability "coming soon" to Claude Team and Max-tier users. Also: Apple, Google, and Microsoft join Anthropic's Project Glasswing to defend world's most critical software Claude Security is another tool in Anthropic's cyberdefense toolbox. It gives security teams a way to "scan codebases for vulnerabilities and generate targeted patches" using the Claude Opus 4.7 model. Earlier in the month, Anthropic debuted Project Glasswing, an AI Manhattan Project aimed at finding vulnerabilities in the world's infrastructure of open-source software. Glasswing uses an Anthropic model called Mythos, a model deemed so dangerous that it's not being released to the public. It's being shared with Glasswing participants, including erstwhile competitors like Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks. At the core of both Project Glasswing and Claude Security is vulnerability scanning. Most cyberattacks begin with an enemy actor exploiting a vulnerability. So, if defenders can find and patch the vulnerabilities, the malicious perpetrator has a smaller attack surface. Remember Star Wars? The entire plot of A New Hope revolves around Death Star plans that Princess Leia stores in R2-D2. Once the Rebels get those plans, they're able to find a vulnerability. All Luke and the other pilots have to do is fire one torpedo down an exhaust port on the Death Star, and... boom! That, boys and girls, is a vulnerability. The Death Star had one fatal flaw. Your codebase probably has more. Anthropic's new Claude Security tool wants to find them before attackers get there first. Back in the real world, everything runs on software, which is inherently vulnerable. Not only do vulnerabilities open doors for adversaries to exploit, but they also could cause damage simply by existing and causing bugs experienced by users of the software. Also: I teamed up two AI tools to solve a major bug - but they couldn't do it without me I first used AI to do vulnerability scanning back in September with OpenAI's Codex. At the time, it failed because it couldn't handle a project-wide context. But when I teamed the AI pair programming tool with ChatGPT's Deep Research, which was better with lots of data, the two found a number of critical vulnerabilities in my security software, which I immediately fixed. Since then, both Codex and Claude Code have got better in terms of how much code they can process in one context, but neither is capable of handling an entire large codebase at once. Mythos can, however. It can even handle the relationships between codebases on a macro scale. But it's not available to the public, even via Enterprise-tier fees. Last month, OpenAI introduced Codex Security, which also offers a larger-scope context analysis. And now Claude Security can do similar larger-scale scans. This new product is capable of scanning a full repository or a targeted directory. According to Anthropic, "Claude reasons about code the way a security researcher does, tracing data flows, reading source code, and working out how components interact across files and modules." There's more to Claude Security, but first let's talk about the big vulnerability introduced by vulnerability-scanning AIs. Vulnerability scanners help defenders defend. But they also help attackers find where to attack. That was the whole point with the Rebels' attack on the Death Star. Once they knew of a vulnerability, they could exploit it. For example, both Microsoft and OpenAI have reported that state-affiliated actors from China, Iran, Russia, and North Korea have used large language models to research various companies and cybersecurity tools, debug code, generate scripts, and create content likely for use in phishing and spear-phishing campaigns. Also: AI is getting scary good at finding hidden software bugs - even in decades-old code Anthropic is trying to prevent its models from being used in similar ways. As of the launch of Opus 4.7, the company includes new cyber safeguards that automatically detect and block requests suggestive of prohibited or high-risk cybersecurity uses. For example, Opus 4.7 now blocks "Activities that are almost always used maliciously and have little to no legitimate defensive application such as mass data exfiltration or ransomware code development." On the other hand, what about activities that have legitimate defensive applications, such as vulnerability exploitation or offensive security tooling development? Opus 4.7 also blocks these activities, but cybersecurity researchers who are approved to join Anthropic's Cyber Verification Program gain access to AI capabilities in this restricted gray zone. Also: This new Claude Code Review tool uses AI agents to check your pull requests for bugs - here's how Effectively, those able to obtain a security clearance from Anthropic can use Opus 4.7 to perform blocked security activities in the course of doing their job. Disclosure: I am an authorized member of Anthropic's Cyber Verification Program, so I have access to these capabilities as part of my cyberwarfare, cyberdefense, and counterterrorism work. The problem with vulnerability scanning is that it can become a firehose of noise. Every little thing can be flagged, and you can spend hours or days chasing down a bug that is of fairly little consequence instead of repairing a vulnerability that can cause an extinction-level event. Claude Security is introducing a "multi-stage validation pipeline independently verifies each finding before it reaches an analyst, and every result gets a confidence rating." The AI is able to explain each "finding" in detail, including factors like confidence, severity, likely impact, reproduction steps, and recommended fix. This can be enormously helpful, because developers can then prioritize working on those high-confidence, large-impact, severely troubling problems first, without having to waste time on lesser issues. Also: Why AI is both a curse and a blessing to open-source software - according to developers From these findings, Claude Security gives defenders the ability to open the code in Claude Code, in context, so they can see and modify the areas needing work right from the finding results. Anthropic has also added a series of workflow optimizations. It says, "We've added scheduled scans for ongoing coverage, the ability to dismiss findings with documented reasons (so future reviewers can trust prior triage decisions), and CSV and Markdown export for integrating findings into existing tracking and audit systems." Claude Security subscribers can work with technology and security partners. Anthropic specifically pointed out technology partners including CrowdStrike, Palo Alto Networks, SentinelOne, Trend.ai, and Wiz, which are integrating Opus 4.7 into their cybersecurity platforms. Also: Google bets $32B on AI agent cyber force as security arms race escalates The company is also working with security partners including Accenture, BCG, Deloitte, Infosys, and PwC, which are deploying Claude Security to help enterprises strengthen their security posture. Do you see AI vulnerability scanning as more useful for finding dangerous flaws or for helping developers prioritize fixes faster? Let us know in the comments below.

Anthropic announces Claude Security public beta to find and fix software vulnerabilities - SiliconANGLE

Anthropic announces Claude Security public beta to find and fix software vulnerabilities Anthropic PBC announced the launch of Claude Security in public beta mode today to help cybersecurity teams scan their codebases for vulnerabilities and generate patches. Part of Claude Enterprise, the company's subscription model aimed at large organizations, Security began as a research preview as Claude Code Security in February. Since its introduction, the company said hundreds of organizations have used it to discover and fix exploits in production code, including vulnerabilities existing tools had missed for years. The new security tool is powered by the company's flagship artificial intelligence model, Opus 4.7, as a dedicated defensive product, part of a longer-term trend for the company as a cybersecurity angle. Anthropic recently launched Project Glasswing, debuting the use of the company's Mythos model, which was not originally designed as a security model but has proved particularly adept at discovering vulnerabilities. Glasswing brings together numerous technology partners to secure the world's production software. Following this initiative, the company said customers can now work with partners building on Claude's security capabilities. This includes Anthropic's technology partners, such as CrowdStrike Holdings Inc., Palo Alto Networks Inc., SentinelOne Inc., Trend Micro Inc.'s Trend.ai and Wiz Inc., integrating Opus 4.7 into their cybersecurity platforms. Anthropic said that with these new capabilities, Claude can now reason over entire codebases by thinking similarly to the way a cybersecurity researcher does. Instead of looking for known patterns, it traces data flows, reads source code and examines interactions between code components and files to synthesize network effects. The model then verifies everything with a confidence rating before it reaches an analyst so that it can provide more trustworthy outputs. Anthropic also said the model will do its homework as it goes, explaining its reasoning along the way, its confidence factors, the likelihood that a vulnerability can be exploited, the triage factors and how effective a fix will be. From there, users can open a Claude Code session to apply the fix directly in context, with no more waiting days to go back and forth with security and engineering teams to get it tested and working. Anthropic said that after feedback from the research preview, the company added scheduled scans for ongoing coverage, the ability to dismiss findings with documented reasons (essentially notes for future reviewers to triage analysis), and comma-separated and Markdown exports for easy import into existing audit systems.

Anthropic's Powerful New Cybersecurity Tool Is Designed to Find Vulnerabilities in Your Code -- and Patch Them

The AI giant announced on Thursday that Claude Security is in public beta for Claude Enterprise customers across the world to use to defensively scan their own code for vulnerabilities; it can also suggest and deploy patches. Anthropic announced service partners including Accenture, BCG, Deloitte, Infosys, and PwC, which the company says are already deploying Claude to ramp up enterprise security. "To combat AI-fueled cyber threats, our clients need advanced solutions they can deploy today, not tomorrow," global lead of Accenture Cybersecurity Harpreet Sidhu said in a statement. "With this powerful model, Accenture is already delivering mission-critical cyber defenses at scale, helping organizations move quickly from adoption to immediate implementation." The launch of Claude Security follows on the heels of reports that Claude Mythos, Anthropic's most powerful and heavily guarded model to-date, has demonstrated tremendous capabilities in identifying and exploiting software vulnerabilities. (Last week, Anthropic confirmed it is "investigating a report" that Mythos has already been accessed by unauthorized users, despite its very limited preview release.)

Anthropic launches Claude Security in public beta for enterprise customers

Anthropic has launched Claude Security in public beta, an AI-powered tool for enterprise security teams to scan codebases for vulnerabilities and generate patches. Powered by Claude Opus 4.7, the product reasons through code like a human researcher, tracing data flows and mapping component interactions. This offering aims to enhance code security by identifying bugs missed by traditional tools. Anthropic has launched Claude Security in public beta, giving enterprise security teams an AI-powered tool to scan codebases for vulnerabilities and automatically generate patches. The product is powered by Claude Opus 4.7 and is rolled out to Claude Enterprise customers globally, with access for Team and Max subscribers to be launched soon. It was first released as Claude Code Security in research preview in February, and hundreds of organisations have since used it to surface bugs that existing tools had missed for years. Shares of companies in the cyber security solutions space nosedived after Anthropic unveiled the tool. Unlike traditional scanners that match against known vulnerability patterns, Claude Security reasons through code the way a human researcher would. It traces data flows and maps how components interact across files and modules. A multi-stage validation pipeline then verifies each finding independently before it reaches an analyst, with every result assigned a confidence and severity rating. From there, users can move directly into a Claude Code session to review and apply a fix, with full context on the issue's likely impact and reproduction steps. This is part of Anthropic's wider push to make frontier AI capabilities available to defenders. It sits alongside new cyber safeguards built into Opus 4.7, which automatically detect and block high-risk cybersecurity requests, and Project Glasswing, Anthropic's initiative to protect critical software infrastructure. Technology partners including CrowdStrike, Palo Alto Networks, SentinelOne, Trend.ai, and Wiz are integrating Opus 4.7 into their platforms.

Anthropic Launches Claude Security: 5 Things To Know

The public beta of Claude Security for Claude Enterprise customers is aimed at enabling discovery of code vulnerabilities and generation of fixes. Anthropic announced Thursday it's moving Claude Security, formerly known as Claude Code Security, into public beta to enable rapid AI-powered vulnerability discovery and remediation. The launch follows the widely discussed disclosure about Anthropic's Claude Mythos Preview earlier this month, though the Claude Security offering does not leverage Mythos. [Related: How CISOs Need To Prepare For The Claude Mythos Era Of Cyberattacks: Experts] "Today's models are already highly effective at finding flaws in software code," Anthropic said in a blog post Thursday. "The next generation will be more capable still, and will be particularly effective at autonomously exploiting these flaws." What follows are five things to know about Anthropic's launch of Claude Security. Availability For Enterprise Customers Anthropic said that it is opening up availability of its Claude Security offering more broadly with its move from limited research preview -- which saw the tool tested by "hundreds of organizations of all sizes" -- into public beta. The public beta is available for all Claude Enterprise customers, the company said. Claude Team and Max customers are not yet able to access the offering, though Anthropic said that access for customers on those tiers is "coming soon." The offering, under the previous name of Claude Code Security, was originally announced in late February. Claude Mythos Not Included Following Anthropic's announcement about its unreleased Claude Mythos Preview earlier this month, the security industry has signaled that a massive push is needed around vulnerability management and hardening environments against a potentially massive spike in cyberattacks from the use of similar capabilities. Anthropic disclosed on April 7 that Claude Mythos Preview points to the fact that "AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities." However, Claude Mythos Preview will remain only available to participants in the company's Project Glasswing initiative, with the model not being utilized for Claude Security, Anthropic said. Opus 4.7 Is The Basis Instead of Claude Mythos Preview, Anthropic said that its recently debuted Opus 4.7 model will form the basis of the Claude Security offering. "Our cybersecurity efforts go beyond Glasswing," Anthropic said in a post Thursday. "With Claude Security, a much wider set of organizations can put our most powerful generally-available model, Claude Opus 4.7, to work across their codebases." Ultimately, "Opus 4.7 is among the strongest models available for finding and patching software vulnerabilities, and for discovering complex, context-dependent issues that might otherwise be missed," the company said. The offering "comes with scheduled and targeted scans, easier integration with audit systems, and improved tracking of triaged findings," Anthropic said. Focus On Remediation In addition to discovery vulnerabilities in code, Claude Security will also bring a focus on generating proposed fixes for those issues, Anthropic said. From its testing of Claude Security so far, Anthropic has learned that "time from scan to fix is the metric that matters." "Early users pointed to this consistently, with several teams going from scan to applied patch in a single sitting, instead of days of back-and-forth between security and engineering teams," the company said. Accenture, Infosys Among Users So Far On the list of organizations that have used Claude Security so far is consulting giant Accenture, No. 1 on CRN's Solution Provider 500 for 2025, as well as Infosys, No. 8 on CRN's Solution Provider 500. Other organizations that have used the offering, which were listed by Anthropic, include Deloitte and PwC. The companies are "working alongside enterprise security organizations to deploy Claude-integrated security solutions for vulnerability management, secure code review, and incident response programs," Anthropic said in its post. In terms of vendors, Anthropic pointed to partnerships with CrowdStrike, Microsoft, Palo Alto Networks, SentinelOne, TrendAI and Google Cloud-owned Wiz, which are "integrating Opus 4.7's capabilities into the security platforms that enterprises already run on today," the company said.