Claude Security has entered public beta.
The service allows organizations to scan their codebases for vulnerabilities using models that Anthropic also relies on to secure its own internal systems. It goes beyond basic pattern matching by understanding context across files, tracing data flows, and examining Git history to detect more intricate problems that traditional static analysis tools frequently miss or flag incorrectly.
These include high-severity issues such as memory corruption vulnerabilities, various forms of injection flaws, authentication bypasses, and subtle logic errors that depend on how different parts of an application interact.
Once potential problems are identified, the system applies an adversarial verification process in which it challenges its own initial assessments, with the goal of surfacing genuine risks while minimizing the noise of false positives that can overwhelm security and development teams.
For each validated finding, Claude Security provides a detailed explanation of the vulnerability, why it matters in the specific codebase, and a suggested patch that attempts to preserve the original code's structure, style, and intent.
Developers and reviewers can examine these proposals, including data flow diagrams and impact assessments in some cases, before deciding whether to approve, modify, or dismiss them. Dismissals persist across scans, helping maintain consistent triage decisions over time.
The tool also supports practical enterprise needs such as scheduled recurring scans, scoping to particular directories, exports in CSV or Markdown formats for audits or reporting, and webhook integrations that push notifications into existing systems like Slack or Jira ticketing platforms.
This design positions it as an on-ramp for security teams interested in leveraging advanced models like Opus 4.7 on their code without the overhead of building and maintaining separate agent-based tooling or complex API integrations.
Claude Security is now in public beta for Claude Enterprise customers.
Claude scans your codebase for vulnerabilities, validates each finding to cut false positives, and suggests patches you can review and approve. pic.twitter.com/neYmbGYeRz— Claude (@claudeai) April 30, 2026
The public beta builds directly on earlier work introduced in mid-2025, when Anthropic added automated security review features to its Claude Code coding assistant.
Those initial capabilities included a terminal command for on-demand scans that could spot common risks such as SQL injection, cross-site scripting, insecure authentication patterns, unsafe dependencies, or problematic data handling practices.
The assistant would not only flag issues but also explain them in accessible terms and offer to apply fixes after user confirmation.
A companion GitHub Action extended this to pull request workflows, automatically commenting on code changes with vulnerability details and remediation suggestions, allowing teams to customize sensitivity levels based on project context or policies. Coverage at the time highlighted how AI models could review and secure the code used to develop and improve subsequent versions of themselves.
Anthropic reported using the features internally, catching real issues, including a potential remote code execution vulnerability in one of its tools, before they reached production.
What started as interactive, command-line and pull-request-oriented reviews has now matured into a more comprehensive platform-level offering.
Since the research preview in February, hundreds of organizations have used it on production code, catching issues existing scanners had missed.
Based on early feedback, we've added scheduled scans, directory-level targeting, CSV and Markdown exports, webhook notifications for…— Claude (@claudeai) April 30, 2026
Claude Security retains the emphasis on contextual, researcher-like reasoning while adding automation layers suited to larger, ongoing codebase management.
Both iterations reflect a recurring theme in Anthropic's approach: using the AI to strengthen the development pipeline that produces it, creating a controlled feedback loop under human oversight. The newer service makes this process available in a form that fits more seamlessly into organizational security workflows, with built-in controls to keep final decisions in human hands.
Patches are always presented for review rather than applied automatically, and the documentation stresses that the system, like any AI tool, can make mistakes, particularly in critical or highly specialized environments.
Because of this, and as always, careful human evaluation is essential.
Initially, access remains limited for now to Enterprise customers through the admin console, with expansion to additional plans anticipated in the coming period. As development teams increasingly rely on AI-generated code, tools like this represent one practical response to the resulting security challenges, blending generation and review within the same ecosystem.
Available today in public beta for Claude Enterprise customers.
Learn more: https://t.co/Oei6EHTZuX— Claude (@claudeai) April 30, 2026