Anthropic has launched a limited research preview of Claude Code Security, a new capability built into Claude Code on the web, for enterprise and team customers. The tool scans codebases for security vulnerabilities and generates targeted software patches for human review. It is designed to help security teams identify and remediate complex flaws that traditional static analysis tools frequently miss.

Claude Code Security evaluates code by analyzing how components interact and how data moves through an application. Instead of relying solely on predefined rules, it assesses behavior and relationships across the codebase to uncover complex vulnerabilities. According to Anthropic, this approach has enabled detection of high-severity issues that had not been identified through conventional review processes.

Each finding passes through a multi-stage verification process before being surfaced to analysts. The system re-examines results in an attempt to validate or refute its own conclusions, reducing false positives. Confirmed issues are assigned severity ratings and displayed in a dedicated dashboard within Claude Code, where teams can inspect suggested patches and review confidence ratings. No changes are applied automatically; developers retain full authority over remediation decisions.

The capability builds on more than a year of cybersecurity research. Anthropic’s Frontier Red Team has tested Claude in competitive Capture-the-Flag events and partnered with Pacific Northwest National Laboratory to explore AI-assisted defense of critical infrastructure. Using Claude Opus 4.6, released earlier this month, the company reports identifying more than 500 vulnerabilities in production open-source codebases, including long-standing issues that had not previously been detected. Triage and responsible disclosure processes with maintainers are ongoing.

The preview is available to enterprise and team customers, with expedited access for maintainers of open-source repositories. The staged rollout reflects a dual-use consideration: tools capable of surfacing subtle vulnerabilities could also be misused if broadly accessible without safeguards. Limiting access during the research phase allows for refinement of detection accuracy, evaluation of false positive rates, and assessment of deployment controls in production environments.

