A new capability called Claude Code Security is now available in a limited research preview, allowing teams to scan codebases for security vulnerabilities and suggest targeted software patches for human review. This tool uses artificial intelligence to detect novel, high-severity vulnerabilities that traditional methods often miss.
Currently, security teams face a challenge of too many software vulnerabilities and not enough people to address them. Existing analysis tools can only identify known patterns, leaving skilled researchers to deal with ever-expanding backlogs.
However, AI-powered capabilities like Claude are changing this calculus. The tool detects novel, high-severity vulnerabilities and suggests patches for human review. This power is now being put in the hands of defenders to protect code against AI-enabled attacks.
Claude Code Security works by reading and reasoning about code like a human security researcher would. It understands how components interact, traces data movement through applications, and catches complex vulnerabilities that rule-based tools miss.
The tool’s findings are verified through a multi-stage process before they reach an analyst. Claude re-examines each result, attempting to prove or disprove its own findings and filter out false positives. Findings are also assigned severity ratings so teams can focus on the most important fixes first.
Validated findings appear in the Claude Code Security dashboard, where teams can review them, inspect suggested patches, and approve fixes. The tool provides a confidence rating for each finding to help assess nuances that are difficult to evaluate from source code alone.
Claude’s cyberdefensive abilities have improved substantially through research into its capabilities. The Frontier Red Team has stress-tested the tool in competitive events and partnership with Pacific Northwest National Laboratory to defend critical infrastructure. Using Claude, the team found over 500 vulnerabilities in production open-source codebases that had gone undetected for decades.
The new tool is built on top of existing cybersecurity capabilities, making it easy for teams to integrate into their workflow. Teams can review findings and iterate on fixes within the tools they already use. By providing this capability to defenders, Claude aims to make code more secure and reduce the risk of attacks.
Source: https://www.anthropic.com/news/claude-code-security