Making Frontier Cybersecurity Capabilities Available to Defenders
Overview
Claude Code Security, a new capability integrated into Claude Code on the web, is now available in limited research preview. The tool scans codebases for security vulnerabilities and recommends targeted software patches for human review, helping teams identify and resolve security issues that conventional tools frequently overlook.
The Challenge
Security teams face significant pressure: there are many software vulnerabilities and too few people to address them. Traditional analysis tools help only partially, as they typically identify known patterns. Discovering subtle, context-dependent vulnerabilities, the kind attackers actively exploit, requires skilled human researchers who are already managing extensive backlogs.
How It Works
Static analysis conventionally operates on rule-based matching, comparing code against recognized vulnerability patterns. While this catches obvious problems like exposed credentials or outdated encryption, it misses intricate issues such as business logic flaws or access control failures.
Claude Code Security takes a different approach: it examines code similarly to how human security researchers would, understanding component interactions, tracing data flow, and catching complex vulnerabilities that rule-based systems miss.
The process includes multi-stage verification. Claude reexamines findings, attempting to validate or refute its own results and eliminate false positives. Findings receive severity ratings, allowing teams to prioritize critical fixes. A confidence rating accompanies each finding. Importantly, human developers retain final approval: Claude only identifies problems and suggests solutions.
Research Foundation
Claude Code Security builds on over one year of cybersecurity research. The Frontier Red Team has systematically tested these capabilities through competitive Capture-the-Flag events, collaborations with Pacific Northwest National Laboratory on critical infrastructure defense, and refinement of vulnerability detection and patching abilities.
Using Claude Opus 4.6, the team discovered "over 500 vulnerabilities" in production open-source codebases that had escaped detection despite decades of expert scrutiny. Responsible disclosure efforts with maintainers are underway.
Anthropic uses Claude internally for code review, with strong results for system security.
Availability
Claude Code Security launches as a limited research preview for Enterprise and Team customers. Open-source repository maintainers can apply for free expedited access.
Apply here: https://claude.com/contact-sales/security
Learn more: claude.com/solutions/claude-code-security