Anthropic launches Claude Code Security in limited preview; found 500+ zero-day vulnerabilities in open-source code
Claude Code · Claude · feature · security · api · release · anthropic.com

Claude Code Security: AI-Powered Vulnerability Detection

Anthropic announced Claude Code Security, a new capability integrated into Claude Code on the web designed to help security teams automatically discover and patch vulnerabilities in source code. Unlike traditional static analysis tools that match code against known vulnerability patterns, Claude Code Security reasons about code semantics the way human security researchers do—understanding component interactions, tracing data flow, and identifying complex vulnerabilities like business logic flaws and broken access control.

Key Technical Capabilities

The tool includes several safeguards and verification mechanisms:

  • Intelligent analysis: Claude reads code holistically to detect context-dependent vulnerabilities that rule-based tools typically miss
  • Multi-stage verification: Every finding undergoes re-examination to filter out false positives before reaching analysts
  • Severity and confidence ratings: Findings are prioritized and flagged with confidence levels to guide remediation efforts
  • Human-in-the-loop approval: All identified issues and suggested patches require developer review and approval—Claude identifies problems and suggests solutions, but developers retain full control

Proven Track Record

Claude Code Security builds on over a year of cybersecurity research. Using Claude Opus 4.6, Anthropic's Frontier Red Team discovered over 500 zero-day vulnerabilities in production open-source codebases—critical bugs that had gone undetected for years despite expert review. The team has also:

  • Participated in competitive Capture-the-Flag cybersecurity events
  • Partnered with Pacific Northwest National Laboratory on critical infrastructure defense research
  • Validated the tool's effectiveness by using it to secure Anthropic's own systems

Availability and Access

The limited research preview is now available to Enterprise and Team customers, with expedited access provided for open-source maintainers. Organizations can apply for access at claude.com/contact-sales/security. Since the tool is built on Claude Code, security teams can review findings and iterate on fixes within tools they already use.

Anthropic emphasizes this is a pivotal moment for cybersecurity—as AI tools become more effective at finding vulnerabilities, both defenders and attackers will leverage these capabilities. The goal is to ensure defenders can identify and patch security issues faster than attackers can exploit them.