Anthropic Opens Claude Security Beta for Codebase Vulnerability Scanning

Anthropic has taken Claude Security out of closed preview, making the AI‑powered vulnerability scanner available in public beta for Claude Enterprise customers, The New Stack reported. Support for Team and Max plans is coming soon — a notable expansion from the private preview, which was limited to Enterprise and Team users.

The private preview launched in February 2026, before the splashier announcements of Claude Mythos and Project Glasswing. But the mission is similar: put frontier AI capabilities in the hands of security defenders. Since its launch, Anthropic says "hundreds of organizations" have used Claude Security to fix issues in their production code "that existing tools had missed for years," The New Stack reported.

Claude Security takes a fundamentally different approach from traditional static analysis tools. Instead of pattern‑matching against known vulnerability signatures, it scans an entire codebase using multiple agents that run in parallel, stepping through source code and examining data flows to build a complete picture of the attack surface, The New Stack noted.

When the tool detects an issue, it does not just flag it and move on. It runs an additional validation pipeline to verify the finding, challenging its own conclusions to reduce false positives. Every finding includes a confidence rating on severity, reproduction steps, and a recommended patch — which can be worked through directly in Claude Code on the Web.

"Users can open a Claude Code session to work through the patch in context, instead of days of back‑and‑forth between security and engineering," SecurityWeek reported, citing Anthropic's announcement.

Claude Security runs on Claude Opus 4.7, which The New Stack described as "not quite as smart as Mythos," per The New Stack, citing Anthropic — making it effectively "Mythos Lite." The tradeoff is significant: while Mythos remains locked behind restricted access with government oversight, Claude Security is available right now to any Claude Enterprise customer.

The risk profile is also different. Claude Security is designed to find vulnerabilities and suggest fixes, not to write exploits. But The New Stack noted the dual‑use concern: if you can scan your own codebase for security holes, you could also scan open‑source libraries for potential zero‑day attacks, even if Claude Security will not write the exploit for you.

Anthropic is not going it alone. SecurityWeek reported that CrowdStrike, Microsoft Security, Palo Alto Networks, SentinelOne, Trend.ai, and Wiz are integrating Opus 4.7's capabilities into their existing security platforms. On the consulting side, Accenture, BCG, Deloitte, Infosys, and PwC are deploying Claude‑integrated solutions for vulnerability management, secure code review, and incident response.

"Together we're helping our clients close the critical gap between threat discovery and remediation," said Adnan Amjad, partner and US cyber leader at Deloitte & Touche, per SecurityWeek.

Anthropic added several features during the closed preview based on security team feedback. The most requested capability was scheduled scans, which allows teams to set a regular cadence for reviewing and acting on findings rather than relying on one‑off audits. Security teams also asked for the ability to dismiss findings with comments and export results in CSV and Markdown formats to bring scan data into existing workflows, The New Stack reported.

The tool is accessible from the Claude.ai sidebar or directly at claude.ai/security. It requires no API integration or custom agent build — users select a repository, directory, or branch and start scanning.

It is worth distinguishing Claude Security from Claude Code Review, another Anthropic tool that scans codebases for problems. Code Review is a multi‑agent review tool that flags all kinds of bugs, including security issues, but its focus is broader. The New Stack reported that Cat Wu, head of product for Claude Code at Anthropic, said while Code Review will flag security issues, "it's not as thorough as Claude Code Security."

For builders deciding which tool to use: Code Review is for general code quality across your PRs. Claude Security is specifically for deep vulnerability hunting across your entire codebase, with the validation pipeline and confidence ratings that security teams need.

Claude Security is available now for Claude Enterprise customers, with Team and Max access coming soon. There is no additional API integration required — it works within the existing Claude Code web interface. The tool runs on Opus 4.7, which means it benefits from the same model that powers Anthropic's general coding assistant.

The broader context matters: with both OpenAI's GPT‑5.5-Cyber and Anthropic's Claude Security launching in the same week, AI‑powered security scanning is clearly moving into mainstream enterprise tooling. The key difference is accessibility — Claude Security is available to any Enterprise customer today, while GPT‑5.5‑Cyber requires a separate application and vetting process. For builders who need vulnerability scanning now, Claude Security is the one you can actually start using.