Anthropic has launched Claude Code Security, an AI-powered vulnerability scanner built into Claude Code on the web, now available as a limited research preview. Unlike traditional static analysis tools that rely on rule-based pattern matching, Claude Code Security reads and reasons about code similarly to a human security researcher — understanding component interactions, tracing data flows, and identifying complex vulnerabilities such as business logic flaws and broken access control that conventional tools typically miss. Each finding undergoes a multi-stage verification process where Claude attempts to prove or disprove its own results, filtering out false positives before presenting validated findings with severity and confidence ratings in a dashboard for human review.

The tool builds on over a year of cybersecurity research at Anthropic, including competitive Capture-the-Flag events and partnerships with Pacific Northwest National Laboratory on critical infrastructure defense. Using Claude Opus 4.6, the team reports finding over 500 vulnerabilities in production open-source codebases — bugs that had evaded detection for decades despite expert review. Anthropic positions the tool as a way to give defenders an advantage in an era where AI will increasingly be used by both attackers and defenders. The research preview is available to Enterprise and Team customers, with free expedited access offered to open-source maintainers.