Anthropic Launches AI Security Tool, Shaking Market

Anthropic has launched Claude Code Security, an AI-powered tool that autonomously scans code for vulnerabilities. The platform reportedly discovered over 500 previously unknown high-severity flaws, and its release triggered an immediate drop in the stock prices of established cybersecurity firms like CrowdStrike, Okta, and SailPoint.

- The market reaction extended beyond the initially named firms, with Zscaler's stock dropping approximately 5.5%, Cloudflare's by 8.1%, and the Global X Cybersecurity ETF (a sector-wide fund) falling by nearly 5% to its lowest point since November 2023.
- Anthropic claims the tool goes beyond traditional static analysis by reasoning about code like a human security researcher. It traces how data moves through an application to find complex flaws like business logic errors and broken access control, which pattern-matching tools often miss.
- In internal tests using the Claude Opus 4.6 model, Anthropic reported finding and validating over 500 high-severity vulnerabilities in open-source projects, including memory corruption bugs that had gone undetected for years. For example, it identified a stack buffer underflow in GhostScript by analyzing the project's git commit history to find patterns similar to previously fixed flaws.
- To reduce false positives, every potential vulnerability is put through a multi-stage verification process where the AI attempts to prove or disprove its own findings before presenting them to a developer with a confidence score.
- The tool is entering a competitive space of AI-powered security analysis, with established players like Snyk and Checkmarx integrating AI features and other major AI labs, like OpenAI, also developing cybersecurity tools.
- While the launch has created significant waves, some application security practitioners note that the tool, in its current form, analyzes static code and doesn't run the application. This means it may not be able to find runtime-specific vulnerabilities that only manifest when the application is live.
- The tool is currently available in a limited research preview for Enterprise and Team customers, with Anthropic providing expedited access to maintainers of open-source software projects.
