Claude Security enters public beta to scan enterprise codebases and supply‑chain risks

- Anthropic moved Claude Security into public beta on April 30, opening its AI code scanner to Claude Enterprise customers after a February research preview. (claude.com)
- The product scans whole repositories, traces data flows, assigns severity and confidence, suggests patches, and can schedule recurring scans or send findings to Slack and Jira. (claude.com)
- It matters because Anthropic is racing to arm defenders before stronger AI systems compress vulnerability discovery and exploitation into something much faster. (securityweek.com)

Code scanning is turning into an AI product category fast. The pitch is simple — stop dumping giant lists of alerts on security teams, and start finding the bugs that (claude.com)ll with Claude Security, which entered public beta on April 30 for Claude Enterprise customers. The bigger story is not just “another scanner.” It is that Anthropic thinks defender(claude.com)offense side move much faster. (claude.com)

### What is Claude Security, exactly?

Claude Security is Anthropic’s code(securityweek.com)es patches that a human can review and approve. Anthropic had been testing it in a limited research preview since February under the name Claude Code Security, and this week it widened access and shortened the name. (claude.com)

### What does it do that normal scanners miss?

Traditional application security tools are often rule-based. They are good at spotting known bad patterns, but weaker at bugs that depend on context across files, data flows, and bus(claude.com)asons” through code more like a human researcher — tracing how components interact and surfacing multi-step flaws that pattern matching can miss. (claude.com)

### What does a scan actually return?

The output is more operational than a raw alert feed. Findings come with severity ratings, confidence information, an explanation of why the issue matters, and a sugges(claude.com)lts, push them into Slack or Jira through webhooks, and schedule recurring scans so this becomes a workflow instead of a one-off audit. (claude.com)

### Why is Anthropic launching this now?

Because Anthropic has been making a louder argument that AI is about to compress the time between “bug exists” and “bug exploited.” Its recent Mythos Preview disclosures were basically a warning sho(claude.com)haining vulnerabilities. Claude Security is the defensive answer: if attackers get faster, defenders need tools that can search codebases at machine speed too. (securityweek.com)

### Who can use it today?

Right now, public beta access is for Claude Enterprise customers. Anthropic says Team and Max(claude.com) where the company sees the first buyers — larger organizations with existing security teams, ticketing systems, and review processes, not solo developers clicking “autofix” on a side project. (claude.com)

### Does Anthropic claim it is fully automatic?

No — and that is an important caveat. Anthropic repeatedly frames the product as human-in-the-loop. Every patch is supposed to be reviewed and approved by dev(securityweek.com)ositives. Basically, the company knows trust is the whole game here. If the tool cries wolf too often, security teams will ignore it. (claude.com)

### So what is the real bet?

The bet is that application security shifts from static detection to AI-assisted triage and remediation. If Claude Security works, the value is not j(claude.com)can and fix from days of back-and-forth into one review session, while plugging into the systems teams already use. (securityweek.com)

### Bottom line?

Anthropic is not just selling a scanner. It is trying to define the defensive workflow for the AI-era software stack — find the issue, prove it is real, draft the fix, and keep a human in charge. Whether ent(claude.com) boring things that matter — consistency, privacy posture, and whether the tool earns a permanent place in existing security review loops. (claude.com)