Anthropic Introduces Embedded Security Scanning for Claude
- Feb 21
Key Findings
Anthropic is rolling out a new security feature for Claude Code that can scan a user's software codebases for vulnerabilities and suggest patching solutions.
The feature, called Claude Code Security, will initially be available to a limited number of enterprise and team customers for testing.
Claude Code Security goes beyond traditional static analysis by reasoning about the codebase like a human security researcher, understanding how components interact, tracing data flows, and flagging vulnerabilities that may be missed by rule-based tools.
Each identified vulnerability undergoes a multi-stage verification process to filter out false positives and is assigned a severity rating to help teams prioritize the most important fixes.
The goal is to automate large portions of the software security review process while maintaining a human-in-the-loop approach, where developers retain control over approving any patching or changes.
Background
Large language models have shown increasing promise at both code generation and cybersecurity tasks over the past two years, speeding up the software development process but also lowering the technical bar required to create new websites, apps, and other digital tools. This has raised concerns about bad actors using the same capabilities to scan victim environments faster and find exploitable weaknesses.
Anthropic is betting that as "vibe coding" becomes more widespread, the demand for automated vulnerability scanning will outpace the need for manual security reviews. The company claims that Claude Code Security can reduce large chunks of the software security review process to a few clicks, with the user approving any patching or changes prior to deployment.
Cybersecurity Capabilities and Limitations
Threat researchers have noted that while the cybersecurity capabilities of large language models have clearly improved in recent years, they tend to be most effective at finding lower-impact bugs. Experienced human operators are still needed in many organizations to manage the model and deal with higher-level threats and vulnerabilities.
However, tools like Claude Opus and XBOW have shown the ability to unearth hundreds of software vulnerabilities, in some cases making the discovery and patching process exponentially faster than it was under a team of humans. Anthropic claims that Claude Opus 4.6 is "notably better" at finding high-severity vulnerabilities than past models, identifying flaws that "had gone undetected for decades."
Availability and Limitations
Interested users can apply for access to the Claude Code Security program. Anthropic clarifies that testers must agree to use the feature only on code their company owns and holds the necessary rights to scan, not on third-party-owned or licensed code or open-source projects.
Sources
https://cyberscoop.com/anthropic-claude-code-security-automated-security-review/
https://thehackernews.com/2026/02/anthropic-launches-claude-code-security.html
https://blogs.nionee.com/anthropic-rolls-out-embedded-security-scanning-for-claude/
https://x.com/ThreatSynop/status/2024971943758217409
