Anthropic opens Claude Security beta

- Anthropic opened Claude Security in public beta on April 30 for Claude Enterprise customers, turning its code-scanning research preview into a broader product.
- The key shift is workflow: teams can scan full repositories or specific branches, get verified findings with severity and confidence scores, then generate patches.
- It matters because Anthropic is betting defenders need AI tools that compress scan-to-fix time before attackers compress exploit time first.

Security tooling is getting pulled into the same race as coding tools. Models are getting good enough to find subtle software flaws, and the scary part is that the same jump in capability can help attackers exploit them faster. That is the gap Anthropic is trying to close. On April 30, it moved Claude Security into public beta for Claude Enterprise customers, turning a limited research preview into a product security teams can actually deploy. (claude.com)

### What is Claude Security, exactly?

Basically, it is Anthropic’s AI vulnerability scanner for source code. A team picks a repository — or narrows the scope to a branch or directory — and Claude scans for security issues, explains why they matter, and proposes fixes. Anthropic says the product is available from the Claude sidebar and does not require an API integration or a custom agent build just to get started. (claude.com)

### What changed this week?

The big change is access. In February, the tool showed up as “Claude Code Security” in a limited research preview for Enterprise and Team customers, with Anthropic framing it as an experiment to refine the system and keep it in defenders’ hands. Now it has been renamed Claude Security and opened in public beta to all Claude Enterprise customers. Anthropic also added scheduled and targeted s(claude.com)ged findings. (anthropic.com)

### Why isn’t this just another static scanner?

Traditional static analysis usually works by matching code against known bad patterns. That catches obvious problems, but it can miss the ugly stuff — business-logic flaws, broken access control, or bugs that only make sense when several components interact. Anthropic’s pitch is that Claude reasons through a codebase more like a human security researcher would, tracin(anthropic.com)gnatures. (anthropic.com)

### How does it keep false alarms down?

This is one of the more important details. Anthropic says findings go through a multi-stage verification process before they reach an analyst. The model re-checks its own work, tries to prove or disprove findings, and then assigns severity and confidence ratings so teams can sort what deserves attention first. That matters because security teams do not need one more firehose (anthropic.com)on. (anthropic.com)

### What model is doing the work?

Anthropic is using Claude Opus 4.7, which it describes as its strongest generally available model for this kind of work. Opus 4.7 launched on April 16 and is positioned as a premium model for advanced coding, agentic workflows, and larger codebases, with a 1 million token context window. That last part matters because vulnerability hunting gets much better when the model can hold more of the codebase in view at once. (claude.com)

### Why is Anthropic pushing this now?

Because Anthropic thinks the timeline between finding a flaw and exploiting it is collapsing. In the beta announcement, it explicitly tied Claude Security to a broader cyber push that includes Claude Mythos Preview — a more restricted capability the company says can match or surpass elite human experts at finding and exploiting vulnerabilities. The message is pretty direct: if of(claude.com)er. (claude.com)

### Is this only inside Anthropic’s own app?

No — and that is part of the strategy. Anthropic says partners including CrowdStrike, Microsoft Security, Palo Alto Networks, SentinelOne, TrendAI, and Wiz are embedding Opus 4.7 into their own tools, while firms like Accenture, BCG, Deloitte, Infosys, and PwC are helping customers deploy Claude-based security workflows. So this is not just a feature launch. It is Anthropic trying to become plumbing for enterprise AppSec. (claude.com)

### What’s the bottom line?

The interesting part is not that Claude can spot bugs. Lots of tools claim that. The real shift is that Anthropic is packaging detection, triage, and patch generation as one loop. If that works in practice — with humans still approving fixes — security teams get something closer to an AI copilot for backlog reduction, not just a smarter alarm bell. (claude.com)
