Anthropic has introduced Claude Code Security, a new AI-driven capability built into Claude Code that helps detect security vulnerabilities in software codebases and suggest fixes. It’s currently rolling out in a limited research preview for Enterprise, Teams, and select open-source maintainers.

What Claude Code Security Does

• Scans entire codebases for potential security flaws, beyond what traditional static scanners often catch, by reasoning about code structure and data flows.
• Suggests targeted patches and assigns severity & confidence scores to each finding.
• Uses a multi-stage verification process to help reduce false positives before presenting results to developers.
• All suggested changes require human review and approval before being applied.

AI-Assisted but Human-Driven

Anthropic emphasizes that Claude Code Security is intended as a defensive tool to give developers better visibility into vulnerabilities that might otherwise be overlooked. While it uses AI reasoning and deep analysis, developers remain in control of reviewing and applying fixes.

Under the Hood

The tool builds on Claude Code’s existing abilities—an AI coding assistant that can understand whole codebases and execute tasks such as search, analysis, and code generation by reasoning about context. Claude Code itself runs locally but relies on Anthropic’s Claude models in the cloud for the intelligence behind these deeper analyses.

Why It Matters

AI adoption in software engineering is expanding rapidly, and tools like Claude Code Security aim to automate parts of the security review process, potentially catching issues that rule-based scanners miss. Early adopters see this as a way to improve security workflows and reduce manual effort.