Anthropocene began automated security check skills for his Claude Code platform on Wednesday, unveiling tools that may scan code for vulnerabilities and suggest fixes as artificial intelligence dramatically accelerates software development across the industry.
The recent functions As organizations increasingly depend on AI to put in writing code faster than ever before, the query is whether or not security practices can sustain with the speed of AI-powered development. Anthropic's solution easily embeds security evaluation directly into developer workflows Terminal command and automatic GitHub Reviews.
“People love Claude Code, they love using models to put in writing code, and people models are already extremely good and improving,” said Logan Graham, a member of Anthropic’s Frontier Red team who led the event of the security measures, in an interview with VentureBeat. “It seems really possible that in the following few years we’ll increase the quantity of code written worldwide by 10-fold, 100-fold, or 1000-fold. The only approach to sustain is to make use of models themselves to work out learn how to make it secure.”
The announcement comes only a day after Anthropic released Claude Opus 4.1, an updated version of its strongest AI model that shows significant improvements in coding tasks. The timing underscores intensifying competition amongst AI firms OpenAI is predicted to announce GPT-5 immediate and meta aggressive Poaching talent with reported signing bonuses of $100 million.
Why AI code generation is a large security problem
The security tools solve a growing problem within the software industry: As AI models develop into more powerful at writing code, the quantity of code produced is exploding, but traditional security review processes cannot scale accordingly. Currently, security audits depend on human engineers manually examining code for vulnerabilities – a process that can’t sustain with AI-generated output.
Anthropic's approach uses AI to resolve the issue created by AI. The company has developed two complementary tools that leverage Claude's capabilities to routinely discover common vulnerabilities, including SQL injection risks, cross-site scripting vulnerabilities, authentication errors and insecure computing.
The first tool is a /Security check Command that developers can run from their terminal to scan code before committing it. “It’s literally 10 keystrokes, after which a Claude agent is triggered to ascertain the code you wrote or your repository,” Graham explained. The system analyzes the code and returns highly reliable vulnerability assessments together with suggested fixes.
The second component is a GitHub Action that routinely triggers security checks when developers submit pull requests. The system publishes inline comments on the code with security concerns and proposals, ensuring that each code change receives a basic security review before it goes into production.
How Anthropic tested the safety scanner by itself vulnerable code
Anthropic has tested these tools internally by itself codebase, including Claude Code themselves and offers real-world validation of their effectiveness. The company shared specific examples of vulnerabilities that the system detected before it went into production.
In one case, engineers developed a feature for an internal tool that launched a neighborhood HTTP server intended for local connections only. The GitHub Action has discovered a distant code execution vulnerability that may be exploited through DNS rebinding attacks. This vulnerability was fixed before the code was merged.
Another example was a proxy system to securely manage internal credentials. The automated check revealed that the proxy was vulnerable to attacks SSRF (Server-Side Request Forgery) attacks.leading to an instantaneous solution.
“We have used it and it has already found vulnerabilities and defects and made suggestions on learn how to fix them before they go into production for us,” Graham said. “We thought, hey, that is so useful that we decided to release it publicly as well.”
Small development teams get enterprise-class security tools at no cost
Beyond addressing the size challenges of enormous enterprises, the tools could democratize sophisticated security practices for smaller development teams that lack dedicated security staff.
“One of the things that excites me essentially the most is that this will easily democratize security review for even the smallest teams, and permit those small teams to push lots of code that they’ve an increasing number of confidence in,” Graham said.
The system is designed to be immediately accessible. According to Graham, developers can start using the safety verification feature inside seconds of release and only need about 15 keystrokes to launch. The tools integrate seamlessly into existing workflows and process the code locally via the identical Claude API that also supports other Claude code functions.
Inside the AI architecture that scans tens of millions of lines of code
The security clearance system works by calling Claude through an “agent loop” that systematically analyzes the code. According to Anthropic, Claude Code uses tool calls to explore large codebases by first understanding the changes made in a pull request after which proactively examining the broader codebase to know context, security invariants, and potential risks.
Enterprise customers can customize security rules to suit their specific policies. Built on Claude Code's extensible architecture, the system allows teams to change existing security prompts or create entirely recent scanning commands through easy Markdown documents.
“You can take a look at the slash commands, because often slash commands are literally just executed from a quite simple Claude.md document,” Graham explained. “It’s very easy for you to put in writing your personal too.”
The $100 million talent war is changing the trajectory of AI security
The security announcement comes amid a broader industry reckoning with AI security and responsible use. Recent research by Anthropic has examined techniques to stop AI models from developing harmful behavior, including a controversial “vaccination” approach that exposes models to undesirable traits during training to construct their resilience.
The timing also reflects the extraordinary competition within the AI space. Anthropic released Complete work 4.1 on Tuesday, with the corporate citing significant improvements in software engineering tasks – it scored 74.5% within the SWE Bench Verified Coding rating, in comparison with 72.5% for its predecessor Claude Opus 4.
Meanwhile, Meta is aggressively recruiting AI talent with massive signing bonuses, despite Anthropic CEO Dario Amodei recently stating this Many of his employees rejected these offers. The company maintains one 80% worker retention rate have been hired within the last two years, in comparison with 67% at OpenAI and 64% at Meta.
Government agencies should purchase Claude now as enterprise AI adoption accelerates
The security measures are a part of Anthropic's broader push into enterprise markets. Last month, the corporate rolled out several business-focused features for Claude Code, including analytics dashboards for administrators, native Windows support, and multiple directory support.
The US government has also confirmed Anthropic's business credentials and added the corporate to the General Services Administration list List of approved providers alongside OpenAI and Google, making Claude available for federal procurement.
Graham emphasized that the safety tools are intended to enhance existing security practices, not replace them. “There is nothing that may solve the issue. This is just a further tool,” he said. However, he expressed confidence that AI-powered security tools will play an increasingly central role as code generation increases.
The race to secure AI-generated software before it destroys the web
As AI transforms software development at an unprecedented pace, Anthropic's security initiative represents a critical recognition that the identical technology that’s driving the explosive growth in code generation must even be leveraged to make sure the security of that code. Graham's team, called the Frontier Red Team, focuses on identifying potential risks through advanced AI capabilities and constructing appropriate defenses.
“We've at all times been very committed to measuring the cybersecurity capabilities of models, and I believe it's time for there to be an increasing number of defenses world wide,” Graham said. The company particularly encourages cybersecurity firms and independent researchers to experiment with creative applications of the technology, with the ambitious goal of using AI to “confirm and preemptively patch or make safer a very powerful software powering the world’s infrastructure.”
The security measures are immediately available to everyone Claude Code Users, with the GitHub motion requiring one-time configuration by development teams. But the larger query looming over the industry stays: Can AI-powered defenses scale quickly enough to accommodate the exponential growth of AI-generated vulnerabilities?
At least for now, the machines try to repair what other machines might break.
