Anthropic launched Claude Security into public beta: it scans your code, finds vulnerabilities, and proposes patches.
Claude Security uses adversarial self-verification to cut false positives and suggests inline patches.
Anthropic launched Claude Security into public beta for Enterprise customers, with Team and Max access coming later. The tool scans codebases the way a security researcher would: it traces data flows across files, understands business logic, and catches vulnerabilities that traditional SAST tools miss because they cannot reason across files. Key features include parallel scanning with multi-file context, adversarial self-verification on every finding to dramatically cut false positives, and suggested patches that match your existing code style. It delivers findings through Slack, Jira, and webhooks, and supports scoped scans at the subdirectory level as well as scheduled scans. Claude Security is powered by the same models Anthropic uses internally for its own security, which gives a real-world dogfooding signal.
This tool represents a genuine leap over traditional SAST tools, which drown teams in false positives and miss anything requiring cross-file reasoning. An LLM that actually understands code semantics and then writes the fix is the right shape of tool for the problem. However, the dual-use nature is uncomfortable: the same capability that finds bugs for defenders can find bugs for attackers. Anthropic published research on "LLM-discovered 0-days" and is betting that defenders deploying first creates an asymmetry in favor of the good guys. A successful Claude Security deployment produces a concentrated, validated, well-explained list of exactly where your software is broken. If that list leaks (via compromised Slack webhook, insider, or misconfigured S3 bucket), an attacker gets a pre-built attack plan. The product doesn't create new attack surface against random websites, but it does create a very high-value internal artifact that must be guarded like crown jewels.
- Uses parallel scanning with multi-file context to trace data flows and understand business logic beyond pattern matching.
- Adversarial self-verification on every finding reduces false positives significantly.
- Integrates with Slack, Jira, and webhooks; supports scoped and scheduled scans with patches matching existing code style.
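The "crown jewels" point above is concrete enough to show in code. The receiver below is an added example, not Claude Security's own code or its real webhook contract (which the announcement does not describe): it assumes a hypothetical envelope in which the sender signs `<timestamp>.<raw body>` with HMAC-SHA256 and sends the result in `X-Signature` and `X-Signature-Timestamp` headers. The receiver rejects oversized bodies, enforces a replay window, compares the signature in constant time, and then splits each finding into a redacted summary that is safe to post to a chat channel and the full record (snippet, suggested patch, data flow) that stays in a restricted store. The secret, field names and sample finding are all constructed for the example.

```python
import hashlib
import hmac
import json
import time
from typing import Optional

# Hypothetical shared secret and envelope for a findings webhook. The real Claude
# Security webhook contract is not described on the page; this is a constructed
# example of the checks a receiver should apply, whatever the vendor's format.
SHARED_SECRET = b"constructed-shared-secret-rotate-me"
MAX_SKEW_SECONDS = 300          # reject deliveries older than 5 minutes (replay window)
MAX_BODY_BYTES = 1_000_000      # refuse oversized bodies before parsing JSON

# Fields of a finding that reproduce the vulnerability detail; keep them out of chat.
SENSITIVE_FIELDS = frozenset({"snippet", "suggested_patch", "data_flow", "reproduction"})
CHAT_FIELDS = ("id", "severity", "file", "title")


def compute_signature(secret: bytes, timestamp: str, body: bytes) -> str:
    """HMAC-SHA256 over '<timestamp>.<raw body>', hex encoded with a version prefix."""
    mac = hmac.new(secret, timestamp.encode("ascii") + b"." + body, hashlib.sha256)
    return "v1=" + mac.hexdigest()


def sign_event(secret: bytes, event: dict, timestamp: int) -> tuple:
    """Sender side (constructed): serialize the event and produce the signing headers."""
    body = json.dumps(event, separators=(",", ":"), sort_keys=True).encode("utf-8")
    ts = str(timestamp)
    headers = {"X-Signature-Timestamp": ts, "X-Signature": compute_signature(secret, ts, body)}
    return headers, body


def verify_request(secret: bytes, headers: dict, body: bytes, now: Optional[float] = None) -> tuple:
    """Receiver side: size limit, timestamp freshness, then constant-time signature check.
    Returns (accepted, reason)."""
    if len(body) > MAX_BODY_BYTES:
        return False, "body too large"
    ts = headers.get("X-Signature-Timestamp", "")
    sig = headers.get("X-Signature", "")
    if not ts.isdigit() or not sig.startswith("v1="):
        return False, "missing or malformed signature headers"
    now = time.time() if now is None else now
    if abs(now - int(ts)) > MAX_SKEW_SECONDS:
        return False, "timestamp outside replay window"
    expected = compute_signature(secret, ts, body)
    if not hmac.compare_digest(expected, sig):   # constant-time comparison
        return False, "signature mismatch"
    return True, "ok"


def redact_for_chat(finding: dict) -> dict:
    """Keep only routing metadata for Slack/Jira; the full finding stays in the restricted store."""
    return {k: finding[k] for k in CHAT_FIELDS if k in finding}


def handle_webhook(secret: bytes, headers: dict, body: bytes, now: Optional[float] = None) -> dict:
    """Full receive path: verify, parse, then split into restricted records and chat summaries."""
    ok, reason = verify_request(secret, headers, body, now)
    if not ok:
        return {"accepted": False, "reason": reason, "chat": [], "restricted": []}
    event = json.loads(body)
    findings = event.get("findings", [])
    return {"accepted": True, "reason": reason,
            "chat": [redact_for_chat(f) for f in findings],
            "restricted": findings}


# Constructed sample delivery, not real scanner output.
SAMPLE_EVENT = {
    "scan_id": "scan-0001",
    "findings": [{
        "id": "F-1", "severity": "high", "file": "app/auth.py",
        "title": "Session token accepted without expiry check",
        "snippet": "if token in active_sessions: return user",
        "suggested_patch": "...",
        "data_flow": ["request.cookies -> token -> active_sessions lookup"],
    }],
}
SAMPLE_TIME = 1_700_000_000


def demo() -> dict:
    """Sign the sample event and run it through the receiver 10 seconds later."""
    headers, body = sign_event(SHARED_SECRET, SAMPLE_EVENT, SAMPLE_TIME)
    return handle_webhook(SHARED_SECRET, headers, body, now=SAMPLE_TIME + 10)


if __name__ == "__main__":
    print(json.dumps(demo()["chat"], indent=2))
```

The split matters more than the signature check: the chat message carries only an identifier, severity, file and title, so a compromised Slack integration yields a to-do list rather than a ready-made write-up, while the full record with snippet and patch is only ever written to the restricted store. Rotate the shared secret on the same schedule as other integration credentials.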
Why It Matters
Claude Security shifts code security from pattern matching to AI-powered reasoning, but introduces sensitive artifact risks requiring careful data governance.