Anthropic launches Claude Security beta

Code scanning is getting a new kind of brain. Anthropic has pushed Claude Security into public beta, which means its AI vulnerability-finding tool is no longer a small research preview for a handful of testers. The pitch is simple but pretty ambitious — let an AI read a company’s codebase more like a security researcher than a rules engine, then suggest fixes without auto-shipping anything. That matters because the gap between finding a bug and exploiting it is shrinking fast. (claude.com) ### What actually launched? Claude Security became publicly available on April 30, 2026, for Claude Enterprise customers. This is the product formerly called Claude Code Security, which Anthropic first introduced in limited research preview on February 20. The beta opens it to all Enterprise customers rather than a smaller test group, and Anthropic says teams can use it directly from Claude without building a custom agent or wiring up an API integration first. (claude.com) ### What does the tool do? Basically, it scans software repositories for vulnerabilities and proposes patches. But the important part is how it claims to work. Traditional static analysis tools mostly look for known bad patterns — exposed secrets, weak crypto, unsafe functions. Claude Security is supposed to reason through the codebase the way a human reviewer would, tracing data flow, understanding component interactio(claude.com)usiness-logic flaws. (anthropic.com) ### Why is Opus 4.7 the center of this? Because Anthropic is building the product on its strongest generally available coding model. Opus 4.7 launched on April 16 and Anthropic positioned it as a step up from Opus 4.6 on hard software-engineering tasks, especially longer and more complex ones. Claude Security uses that model to do the hard part — not just flagging suspicious code, but evaluating whether a finding is (anthropic.com) fix. (claude.com) ### How does Anthropic keep this from becoming an attacker tool? That’s the whole tension here. The same model improvements that help defenders can also help attackers. Anthropic has been unusually explicit about that. It says Opus 4.7 ships with real-time cyber safeguards that block prohibited or high-risk requests, and it created a Cyber Verification Program for legitimate security professionals doing dual-use work li(claude.com)re reviewed in about 2 business days. (anthropic.com) ### Does the AI make the final call? No — and that’s a big design choice. Anthropic says findings go through multi-stage verification, get severity and confidence ratings, and then land in a dashboard where humans review the evidence and inspect the suggested patch. Nothing is applied automatically. That sounds less magical, but it is probably the right tradeoff. Security teams hate false positives, and they hate mystery changes in production even more. (anthropic.com) ### What changed from the preview? The public beta adds scheduled and targeted scans, easier audit-system integration, and better tracking for triaged findings. Anthropic is also pushing Opus 4.7 through security partners including CrowdStrike, Microsoft Security, Palo Alto Networks, SentinelOne, TrendAI, and Wiz, plus services firms like Accenture, Deloitte, Infosys, and PwC. So this is not just a standalone Claude (anthropic.com)rity stacks. (claude.com) ### Why now? Because Anthropic thinks the industry is entering a rough stretch where AI compresses the timeline between vulnerability discovery and exploitation. It said as much in the beta launch, and it has been building a broader cyber strategy around that idea — from Project Glasswing for critical software defenders to stricter safeguards on stronger models. Claude Security is the more mainstream version of that str(claude.com) hopes arrives before attackers get the bigger advantage. (claude.com) ### Bottom line? This launch is really a bet about timing. Anthropic is betting that AI-assisted defense has to become normal now, not later. If Claude Security works, it could make code review and remediation faster without handing the keys fully to the model. If it does not, companies will just end up with another noisy scanner wearing a smarter label. (claude.com)