Anthropic AI Finds Hundreds of Code Flaws

- The newly launched "Claude Code Security" feature was responsible for the market disruption. This tool is designed to scan codebases, identify security flaws, and suggest specific software fixes for human review. - The vulnerabilities were discovered in widely used open-source libraries, including Ghostscript, a PDF and PostScript interpreter, OpenSC for smart card authentication, and the CGIF image handling utility. Some of these security flaws had gone undetected for decades despite reviews by human experts and automated tools. - Unlike traditional static analysis tools that match known vulnerability patterns, Claude Opus 4.6 is said to reason about code like a human security researcher. It analyzes how different components interact and traces the flow of data to find more complex and subtle bugs. - The announcement led to a significant sell-off in the cybersecurity sector, with CrowdStrike and Cloudflare shares dropping by approximately 8%, and Okta experiencing a decline of over 9%. The Global X Cybersecurity ETF also fell by nearly 5%. - This event is part of a larger trend of AI advancements causing anxiety among investors about the potential for AI-native firms to disrupt established software industries. The iShares Expanded Tech-Software Sector ETF has seen a significant decline in 2026, on pace for its largest quarterly drop since the 2008 financial crisis. - Anthropic is making the tool available in a limited research preview for Enterprise and Team customers, with expedited access for maintainers of open-source repositories to responsibly disclose and address the identified vulnerabilities.