Claude Code Security, an AI-powered vulnerability scanner

Anthropic announced Claude Code Security on February 20, 2026, a tool that scans codebases for security vulnerabilities and suggests patches for human review. The feature is available as a limited research preview for Enterprise and Team customers, with free expedited access for open-source maintainers. ^[1]

YouTube video

YouTube

What It Is

Claude Code Security is built into Claude Code's web interface. It is designed to go beyond traditional static analysis, which relies on matching code against libraries of known vulnerability patterns.

Instead, Anthropic says the tool reasons about code contextually. It traces how data moves through an application, examines how components interact, and identifies vulnerabilities in areas like business logic and access control that rule-based scanners typically miss.

Each finding goes through a multi-stage verification process. The system re-examines its own results, attempts to disprove them, and filters out false positives before presenting them to an analyst. Findings include severity ratings and a confidence score.

No changes are applied automatically. Developers review findings and suggested patches in a dashboard and decide whether to approve them.

Why This Matters

Software vulnerabilities are a persistent problem. Security teams are routinely outnumbered by the volume of code they need to protect, and traditional scanning tools catch only a subset of issues, primarily those that match known patterns.

If AI models can reliably find the kinds of context-dependent vulnerabilities that currently require skilled human researchers, it could meaningfully shift the economics of software security. The risk, which Anthropic has itself stated, is that attackers gain access to the same capabilities.

Cybersecurity stocks fell on the news. CrowdStrike dropped as much as 6.5%, Cloudflare fell more than 6%, and SailPoint declined 6.8%.