Anthropic's new Claude Security tool scans your codebase for flaws - and helps you decide what to fix first

New Claude tool uses Opus 4.7 to find and patch vulnerabilities before attackers exploit them.

Deep Dive

Anthropic has introduced Claude Security, a new defensive cybersecurity product now in public beta for Enterprise-tier Claude users. The tool leverages the Claude Opus 4.7 model to perform deep codebase analysis, scanning entire repositories or targeted directories. According to Anthropic, "Claude reasons about code the way a security researcher does, tracing data flows, reading source code, and working out how components interact across files and modules." It then generates targeted patches for discovered vulnerabilities and helps developers prioritize fixes based on risk. This brings AI vulnerability scanning directly into developer workflows, with more project-wide context than earlier scanners that analyzed files in isolation.

Claude Security builds on Anthropic's broader defensive efforts, including Project Glasswing, a collaborative initiative with major tech companies like Apple, Google, and Microsoft that uses the private Mythos model to scan critical open-source infrastructure. While Mythos remains restricted due to its power, Claude Security is publicly available (for now, to Enterprise plans). The tool enters a competitive space: OpenAI recently launched Codex Security with similar large-scale scan capabilities. However, a key concern remains that such vulnerability-scanning AIs could also aid attackers in finding exploitable flaws. Both Microsoft and OpenAI have reported state-affiliated actors using AI for reconnaissance. Anthropic frames Claude Security as a defensive measure, but the dual-use potential underscores the need for careful deployment.

Key Points
  • Uses Claude Opus 4.7 to scan full repositories or directories, tracing data flows and generating targeted patches.
  • Available in public beta to Enterprise-tier users; Team and Max tier access coming soon.
  • Part of Anthropic's defense portfolio, including Project Glasswing which uses the private Mythos model for infrastructure-scale scanning.

Why It Matters

Developers can now automate vulnerability discovery and patching, reducing time-to-fix for critical flaws in production code.