Claude Code Security: AI-Powered Vulnerability Scanning
Anthropic launched Claude Code Security on February 20, 2026, a reasoning-based AI vulnerability scanner built directly into Claude Code on the web. Powered by Claude Opus 4.6, the tool identified over 500 previously unknown high-severity vulnerabilities in production open-source codebases during internal testing, including flaws that had evaded detection for decades. Unlike traditional static analysis tools that match code against known patterns, Claude Code Security traces data flows and maps component interactions the way a human security researcher would. The capability is available as a limited research preview to Enterprise and Team customers, with expedited access for open-source maintainers.
Anthropic introduced Claude Code Security on February 20, 2026, a reasoning-based vulnerability scanner embedded directly into the Claude Code interface. Available as a limited research preview for Enterprise and Team customers, the capability represents a fundamental shift in how AI-assisted security analysis works.
From Pattern Matching to Reasoning
Traditional static analysis tools operate by matching code against catalogs of known vulnerability patterns. Claude Code Security takes a different approach: it reasons about code contextually, the way a human security researcher would. Rather than scanning for signatures, it traces how data flows through an application, maps interactions between components, and identifies vulnerabilities rooted in business logic and access control, classes of flaws that rule-based scanners routinely miss.
The capability is built on Claude Opus 4.6, Anthropic's most advanced reasoning model. During internal testing against production open-source codebases, Claude Opus 4.6 identified over 500 high-severity vulnerabilities that had survived decades of expert review and continuous fuzzer coverage, including memory corruption flaws, injection vulnerabilities, and authentication bypasses.
Multi-Stage Verification
Claude Code Security includes a multi-stage validation process designed to reduce false positives. Each identified finding undergoes multiple review passes where Claude re-examines its own results before surfacing them to the developer. Findings are prioritized by severity and accompanied by confidence ratings, giving teams a structured basis for triage.
Human-in-the-Loop by Design
Nothing in Claude Code Security is applied automatically. The tool identifies vulnerabilities and suggests targeted patches, but developers review and approve every fix through an integrated dashboard within Claude Code's existing interface. This human-in-the-loop model ensures that AI-generated security changes are vetted before they reach production.
Availability
Claude Code Security launched as a limited research preview available to Enterprise and Team plan customers. Anthropic is offering expedited access to maintainers of open-source repositories who apply for the program. The capability is delivered through Claude Code on the web, not the CLI.