Anthropic launched Claude Security into public beta: it scans your code, finds vulnerabilities, and proposes patches.

Reddit r/ArtificialInteligence Products

Summary

Anthropic has launched Claude Security into public beta for Enterprise customers, an AI-driven tool that scans codebases to identify vulnerabilities and propose patches by understanding business logic and data flows.

Anthropic just pushed Claude Security into public beta for Enterprise customers (Currently Enterprise-only, with Team and Max access coming later). It scans your codebase like a security researcher would: traces data flows across files, understands business logic, finds vulnerabilities that pattern-matching tools miss, and proposes patches you review and approve. Reference: [https://claude.com/product/claude-security](https://claude.com/product/claude-security) **What it actually does:** * Parallel scanning of code with multi-file context * Adversarial self-verification on every finding to cut false positives * Suggested patches that match your existing code style * Pushes findings to Slack, Jira, or webhooks * Scoped scans (subdirectory level) and scheduled scans * Powered by the same models Anthropic uses internally for its own security **The good:** This is genuinely a leap. Traditional SAST tools drown teams in false positives and miss anything that needs cross-file reasoning. An LLM that actually understands what the code is doing, then writes the fix, is the right shape of tool for the problem. The fact that Anthropic eats its own dog food on this is a real signal. **The uncomfortable part:** Same capability that finds bugs for defenders finds bugs for attackers. Anthropic published their own research on "LLM-discovered 0-days" so they're clearly aware of it. Their bet is that defenders deploying this first creates an asymmetry in favor of the good guys. Maybe. What I keep coming back to though: a successful Claude Security deployment produces a concentrated, validated, well-explained list of exactly where your software is broken. If that list leaks (compromised Slack webhook, an insider, an exported CSV in the wrong S3 bucket), an attacker gets a pre-built attack plan. The product doesn't create new attack surface against random websites, but it does create a very high-value internal artifact that needs to be guarded like crown jewels. Anyone here from a security team actually trying it? Curious whether the false positive rate holds up in practice and how teams are handling the finding-storage problem.
Original Article

Similar Articles

Anthropic's open-source framework for AI-powered vulnerability discovery

Hacker News Top

Anthropic has released an open-source reference implementation for autonomous vulnerability discovery and remediation using Claude, featuring a full pipeline (recon → find → verify → report → patch) with sandboxing support. It accompanies Claude Security, a hosted product for managing vulnerabilities across codebases.

@_mattata: Anthropic released a pretty clean code auditing harness for identifying bugs with potential security implications. It’s…

X AI KOLs Timeline

Anthropic released an open-source code auditing reference harness for autonomous vulnerability discovery and remediation using Claude, covering a recon→find→triage→report→patch pipeline, primarily targeting C/C++ memory vulnerabilities. It is a template/reference implementation rather than a production-ready product, with a managed hosted option called Claude Security also available.

Claude Mythos Opens The Cybersecurity Pandora's box

Reddit r/artificial

Anthropic has unveiled Claude Mythos, a highly capable AI model designed to automatically discover security vulnerabilities in operating systems, browsers, and software libraries. Initially restricted to select enterprise and open-source partners under Project Glasswing due to dual-use risks, the release has sparked industry debate over AI security capabilities and corporate marketing tactics.