Anthropic launched Claude Security: AI service finds code vulnerabilities and suggests patches
Anthropic opened the public beta of Claude Security for Enterprise customers. The Opus 4.7-based tool scans codebases, assesses vulnerability severity…
AI-processed from ZDNet AI; edited by Hamidun News
On 30 April 2026, Anthropic launched a public beta of Claude Security, a tool for finding vulnerabilities directly in a company's codebase. The service runs on the Claude Opus 4.7 model, analyzes the repository itself, validates findings, and suggests which issues make sense to fix first.
Who has access to Claude Security and why
Claude Security, previously called Claude Code Security, is now available to Claude Enterprise tier customers. In essence, this is an attempt to turn a powerful model for security engineers into a practical working tool: without separate API integration, without custom agent assembly, and without manual pipeline stitching from multiple services. If a company already uses Claude, it can enable the new mode through the admin panel and start scanning repositories almost immediately. Access for Team and Max tier users is promised later.
For Anthropic, this is more than just another AI feature in an IDE. The company directly links the launch to accelerating cyber threats: models are finding weaknesses in software faster and faster, which means defense also needs a new pace. That's why the product is presented not as a replacement for the AppSec team, but as a way to shorten the path from problem detection to a ready patch. In a corporate environment, it's usually this time savings that determines whether a bug makes it into a release or not.
How the analysis works
Claude Security can be opened from the Claude sidebar or through a dedicated security interface. The user selects a repository, branch, or specific directory, after which the model begins scanning. Unlike classic rule-based scanners, Anthropic bets on contextual analysis: the system tracks connections between modules, monitors how data flows through the code, and tries to understand the real logic of the application rather than just signature matching. This approach is particularly important for logical errors and access issues.
The output for the team is not just a list of suspicious locations, but a more practical packaging of results. Claude shows how confident it is in the finding, how critical it is, what the potential damage could be, and how to reproduce the problem. Then it generates instructions for targeted fixes, and if needed, opens a task in Claude Code on the Web, where the patch can be refined in the context of the specific file and related code.
"AI compresses the time between vulnerability discovery and exploitation," — this is how
Anthropic explains its focus on such tools.
What was added after preview
Anthropic reports that during the two-month preview period, hundreds of organizations tested Claude Security. Based on this period, the company refined not showcase features but the things security teams need in their daily work. The developers' main conclusion is simple: the value comes not from scanning itself, but from how quickly a finding becomes a confirmed task and then a real fix. That's why the release focuses on operational details.
- Scheduled scans instead of one-time checks
- Targeted execution by directory within a repository
- Reduction of false positives through multi-stage finding validation
- Export results to CSV and Markdown for audit and tracking
- Send results to Slack, Jira, and other systems via webhooks
Anthropic specifically emphasizes that the tool can store the reasons for dismissing findings, so the next check doesn't return already-reviewed cases without context. This is important for large companies where triage is often spread across security engineers, developers, and platform teams.
In parallel, the company is expanding its implementation network: Opus 4.7 capabilities are already being embedded in CrowdStrike, Microsoft Security, Palo Alto Networks, SentinelOne, TrendAI, and Wiz products, while Accenture, BCG, Deloitte, Infosys, and PwC help deploy such scenarios in corporate processes.
What this means
Anthropic is moving the market toward a model where AI in security is responsible not only for finding bugs, but also for prioritization, risk explanation, and fix preparation. If the detection quality really turns out to be high, large teams will be able to close complex logical vulnerabilities faster, including ones that ordinary static scanners miss for years, which means the window between problem discovery and resolution will become noticeably shorter. For large product teams, this is no longer an experiment, but a potential part of the standard secure development process.