Claude Code: Scan, Verify, and Patch Vulnerabilities
▼ Summary
– Anthropic has launched a limited research preview of Claude Code Security, a new feature for its Claude Code web tool.
– The system analyzes code, traces data flows, and identifies complex, multi-component vulnerabilities that other scanners frequently overlook.
– It includes an adversarial verification step to re-check findings, which improves accuracy by reducing false positives.
– For each identified issue, it suggests a fix with a recommended patch, but all changes require explicit human developer approval.
– The preview is available to enterprise and team customers, with free access applications open for open-source maintainers.
Anthropic has introduced a new security-focused feature for its Claude Code platform, currently available through a limited research preview. This tool, named Claude Code Security, is designed to help developers identify and address vulnerabilities within their codebases more effectively than many traditional scanners. It represents a significant step in applying advanced AI to the critical field of cybersecurity.
Claude Code Security analyzes code context, traces data flows between files, and flags multi-component vulnerability patterns that existing scanners often miss. This deep, contextual analysis allows it to uncover complex security issues that might otherwise go unnoticed. To ensure the reliability of its findings, each potential vulnerability identified by the system undergoes an adversarial verification pass. This secondary review process re-examines the results before they are presented to the developer, which significantly increases the share of valid findings and reduces false positives.
Beyond simply pointing out problems, the tool actively suggests solutions. When it identifies an issue, it provides a recommended patch for development teams to review and approve. The company emphasizes that this is an assistive technology, not an autonomous one. “Nothing is applied without human approval: Claude Code Security identifies problems and suggests solutions, but developers always make the call,” Anthropic stated. This ensures that developers retain full control over their code while benefiting from AI-powered insights.
The development of this feature is grounded in extensive research. Anthropic notes that Claude Code Security builds on more than a year of focused investigation into Claude’s cybersecurity capabilities. The company has practical, internal experience with the underlying technology, stating, “We also use Claude to review our own code, and we’ve found it to be extremely effective at securing Anthropic’s systems. We built Claude Code Security to make those same defensive capabilities more widely available.”
A key advantage for development teams is integration. Since the security tool is built directly into the Claude Code environment, teams can review findings and iterate on fixes within the tools they already use, streamlining the security review workflow without disrupting established processes.
Access to this limited research preview is currently being offered to enterprise and team customers, who will receive early access and have the opportunity for direct collaboration with Anthropic’s development team. Recognizing the importance of securing open-source software, Anthropic is also inviting open-source maintainers to apply for free access to the tool, extending its security benefits to critical community-driven projects.
(Source: HelpNet Security)
