HeadsUpAI

Anthropic Launches Claude Security Beta to Automatically Scan and Patch Codebases


Anthropic launched Claude Security in public beta for Enterprise customers, moving the tool from research preview to production. It identifies high-severity vulnerabilities like memory corruption and logic errors. The system uses Claude Opus 4.7's self-verification to check findings before reporting them to security teams.

Availability: Public beta, Claude Enterprise
Vulnerability types: Memory corruption, injection, logic errors
Integration: Slack and Jira via webhooks
Export formats: CSV and Markdown
Remediation: Automated patch suggestions for review
Future access: Team and Max plans coming soon

This release scales the Claude Code Security research preview into a managed service competing with OpenAI's Codex Security. By reasoning through code, the tool traces data flows across files to catch context-dependent bugs. This addresses the "false positive fatigue" that often leads developers to ignore automated security alerts.

You can now configure scheduled scans, target specific directories, and export findings as CSV or Markdown files. The beta includes webhook support for Slack and Jira to integrate findings into existing triage workflows. While limited to Enterprise plans, Anthropic plans to expand access to Team and Max users soon.

Claude (@claudeai) on X:

Claude Security is now in public beta for Claude Enterprise customers. Claude scans your codebase for vulnerabilities, validates each finding to cut false positives, and suggests patches you can review and approve. https://t.co/neYmbGYeRz


Still wondering? A few quick answers below.

Claude Security is an AI-powered tool that scans codebases for vulnerabilities and suggests patches. It functions like a security researcher by reasoning through code and tracing data flows across multiple files. Beyond just finding bugs, it validates its own findings to reduce false positives and provides functional code fixes for human review and approval.

Traditional scanners typically use rule-based pattern matching, which often misses complex logic errors and produces high false positive rates. Claude Security uses large language models to understand business logic and context. It performs an adversarial verification pass, challenging its own results before reporting them, which ensures that surfaced issues are more likely to be legitimate threats.

Claude Security is currently available in public beta for Claude Enterprise customers. Administrators can enable the feature through the admin console. While it is restricted to the Enterprise tier today, Anthropic has stated that access for Claude Team and Max plans is coming soon, though no specific release date for those tiers has been provided.

The tool focuses on high-severity vulnerabilities, including memory corruption, injection flaws, and authentication bypasses. It is particularly effective at identifying complex logic errors and context-dependent vulnerabilities that require an understanding of how data moves across different components of a codebase. Every finding includes a recommended patch that maintains the existing code structure and style.

Yes, Claude Security is designed to fit into existing security workflows. It supports webhook notifications for tools like Slack and Jira to alert teams of new findings. Users can also export scan results as CSV or Markdown files for audits. Additionally, triage decisions like dismissals carry forward across future scans to prevent repetitive manual work.
