Anthropic opens Claude Security to enterprise

Security tools are getting a new shape. Instead of just matching code against lists of known bad patterns, they’re starting to read software more like a human reviewer would. That matters because a lot of the bugs that actually hurt companies are the messy ones — spread across files, tied to business logic, and easy for older scanners to miss. This week, Anthropic pushed that idea further by opening Claude Security in public beta for Claude Enterprise customers. (claude.com) ### What actually launched? Anthropic’s new product is called Claude Security. It’s the public-beta version of what the company introduced in February as “Claude Code Security,” a limited research preview. The core pitch is simple: point Claude at a codebase, let it look for serious vulnerabilities, then have it propose patches that humans can review and approve. Anthropic says nothing gets applied automatically. (claude.com) ### What does Claude Security do differently? Traditional static analysis tools are usually rule-based. They’re good at catching common patterns — hardcoded secrets, outdated crypto, obvious injection mistakes. But they struggle when the problem depends on context. Anthropic is betting that a reasoning model can follow data flows across files, understand how components interact, and spot logic bugs or broken a(claude.com)aude Security also runs an adversarial verification pass on its own findings before showing them to teams, which is basically a built-in second opinion meant to cut false positives. (claude.com) ### What kinds of bugs is it aimed at? Anthropic is focusing the product on high-severity issues — memory corruption, injection flaws, authentication bypasses, and logic errors. That focus matters. This is not being sold as a general linting tool or a catch-all code assistant. It’s being framed as a security review layer for the expensive bugs, the ones that usually burn analyst time because they need real inv(claude.com). (claude.com) ### Why package this now? Part of the answer is model capability. Anthropic launched Claude Opus 4.7 on April 16 and pitched it as a stronger model for advanced software engineering, especially long-running and difficult coding tasks. Anthropic also said Opus 4.7 was the first model released with new cyber safeguards meant to block prohibited or high-risk security use. So Claude Security arrives at a moment wh(claude.com)o deeper review work — but also risky enough that guardrails need to be part of the product story. (anthropic.com) ### How does this fit into enterprise workflows? Anthropic clearly wants this to live inside existing security operations, not beside them. Claude Security can push findings through webhooks to Slack, Jira, or other ticketing systems, export results for audit, and run recurring scans. That sounds boring, but it’s the part that decides whether a tool becomes real infrastructure or just another dashboard nobody checks after week two. (claude.com) ### Where does Apple come in? The Apple angle is less about this product directly and more about momentum. Apple said in February that Xcode 26.3 supports agentic coding with Anthropic’s Claude Agent and OpenAI’s Codex built into the workflow. Then this week, leaked CLAUDE.md files inside an Apple Support app build suggested Apple may also be using Claude-oriented instructions internally. The leak doesn’t prov(claude.com)gest Anthropic’s tooling is already sitting inside very serious software environments. (apple.com) ### What’s the catch? The catch is the same one Anthropic says out loud: Claude can make mistakes. A model that can find and suggest fixes for vulnerabilities is useful for defenders, but similar capabilities can help attackers too. That’s why Anthropic is keeping human approval in the loop and wrapping the broader Opus 4.7 rollout in cyber-use restrictions. Bas(apple.com)same thing as trust. (claude.com) ### Bottom line Claude Security matters less as a single feature launch and more as a signal. Anthropic is turning its coding models into enterprise security products — not just assistants that write code, but systems that inspect, prioritize, and draft fixes for dangerous flaws. If that works, the security stack starts to look a lot more like an AI reviewer with a ticketing integration. (claude.com)