The Government of Alberta has used Claude Code, running both Opus and Sonnet models, to scan and remediate security vulnerabilities across its provincial IT systems, Anthropic said this week.

A team within Alberta's Ministry of Technology and Innovation, which maintains roughly 1,280 applications and 3,400 code repositories across all 27 provincial ministries, put around 50 agents to work scanning 466 million lines of code in 20 hours, a task the Ministry estimates would otherwise have taken about six and a half years. Most of that code had never undergone a systematic security review, and the accumulated technical debt runs into the billions of dollars.

Where the scan flagged vulnerabilities, Claude Code was often able to generate fixes, write missing tests, and in some cases rebuild outdated systems entirely. One subsidy portal, originally hand-coded in Java roughly 25 years ago and requiring five months to build, was rebuilt in as little as four to five days. All patches were reviewed and approved by Ministry engineers before deployment.

AI for Leaders: Governance, Risk & Why Strategy Must Come First
Is your organisation adopting AI without a defined strategy or governance? If so, you’re not alone — and the consequences range from data breaches to reputational damage to safeguarding failures. AI is a strategic risk, not a silver bullet, and definitely not a magic data fairy. Without clear ownership, rules, and accountability, AI can proliferate across your organisation in ways that cost more — in time, money, and trust — than not using it at all. Speakers: Craig Clark, Director at Clark & Company Information Governance Services, and Stewart Tinson, Project Director, AI-360. You’ll learn: Why “understand your why” must precede any AI rollout Which risks senior leaders most commonly overlook — from data leakage to safeguarding How to measure AI value through outcomes, not adoption metrics Why accountability for AI governance sits with the C-suite, not IT or compliance Key topics: AI strategy • Risk appetite • Data protection • Bias & fairness • Safeguarding • AI literacy • Governance models • Return on investment • Executive accountability • AI use case tiering For CISOs, CIOs, and senior leaders who need to govern AI responsibly — before it governs them.

The Ministry has also built specialised "red team" and "blue team" review agents on the Claude Agent SDK, checking each application against roughly 95 security controls per pass.

Alongside the technical work, the Ministry has been training people through its Alberta AI Academy, which has taught thousands of government employees and more than 10,000 members of the public the basics of effective AI use.

Minister Nate Glubish said the work showed what "responsible government looks like in the AI era."

Looking ahead, one ministry alone runs 185 legacy applications in production; Alberta plans to use Claude Code to consolidate these into 16 modern, reusable applications. The Ministry is hosting an industry day in Edmonton in July to share its findings with other governments, and plans to scale its approach across the provincial government from the autumn.


AI for Leaders: Governance, Risk & Why Strategy Must Come First
Is your organisation adopting AI without a defined strategy or governance? If so, you’re not alone — and the consequences range from data breaches to reputational damage to safeguarding failures. AI is a strategic risk, not a silver bullet, and definitely not a magic data fairy. Without clear ownership, rules, and accountability, AI can proliferate across your organisation in ways that cost more — in time, money, and trust — than not using it at all. Speakers: Craig Clark, Director at Clark & Company Information Governance Services, and Stewart Tinson, Project Director, AI-360. You’ll learn: Why “understand your why” must precede any AI rollout Which risks senior leaders most commonly overlook — from data leakage to safeguarding How to measure AI value through outcomes, not adoption metrics Why accountability for AI governance sits with the C-suite, not IT or compliance Key topics: AI strategy • Risk appetite • Data protection • Bias & fairness • Safeguarding • AI literacy • Governance models • Return on investment • Executive accountability • AI use case tiering For CISOs, CIOs, and senior leaders who need to govern AI responsibly — before it governs them.
Share this post
The link has been copied!