Infosec community panics over Anthropic Claude Code Security • The Register
ai-pocalypse Anthropic sent the infosec community into a tizzy on Friday when it rolled out Claude Code Security, a new feature that scans codebases for vulnerabilities and suggests patches to fix the issues.
The new security capability is currently available as a limited research preview for enterprise and team customers to test in their environments, and open-source maintainers can apply for free, expedited access.
The announcement sent some cybersecurity stocks into a downward spiral and prompted much pontificating about the end of security as we know it – along with a dissenting opinion from CrowdStrike co-founder and CEO George Kurtz. His firm’s shares were among those hit on Friday, closing the day down nearly 8 percent from the previous close, and Kurtz asked Claude if its new security tool could replace what CrowdStrike does (tl;dr: Claude said no).
The reality, however, isn’t nearly as gloomy for the security industry – nor as exciting and sexy as AI evangelists make it out to be. Yes, large language models have shown an ability to flag some pattern-based vulnerabilities at scale. Earlier this month, Anthropic claimed that Claude Opus 4.6 “found and validated more than 500 high-severity vulnerabilities” in open source code.
But Claude’s security feature is simply the latest and buzziest AI-enabled bug-fixing tool, meaning Anthropic is now doing what other companies at the forefront of agentic AI are also doing. When it comes to securing code, it’s a move in the right direction. But it’s not sufficient – humans are still required.
Amazon also uses AI agents to find security flaws and suggest fixes internally. Microsoft has its own swarm of security agents that, among other tasks, prioritize vulnerability remediation, automate the identification of impacted devices, and then initiate fixes.
Google, back in November 2024, said its LLM-based bug-hunting tool Big Sleep was the “first” AI to spot a memory safety vulnerability in the wild and then fix it before the buggy code’s official release. More recently, it rolled out an AI agent called CodeMender that it said “automates patch creation, can identify the root cause of a vulnerability, then generate and review a working patch.”
Last October, OpenAI said it’s privately testing Aardvark, an agentic security system based on GPT‑5, that it promises will “help developers and security teams discover and fix security vulnerabilities at scale.”
As is the case with Claude’s code-scanning and patching tool, all of these still need a human to sign off on the fix. “Nothing is applied without human approval: Claude Code Security identifies problems and suggests solutions, but developers always make the call,” Anthropic said in announcing the new feature.
According to the AI developer, Claude Code Security is context-aware – as opposed to simply doing static code analysis. It “reads and reasons about your code the way a human security researcher would: understanding how components interact, tracing how data moves through your application, and catching complex vulnerabilities that rule-based tools miss,” the company said.
This will likely prove to be a useful tool for developers and security analysts, as researchers have repeatedly shown that AI is very good at detecting vulnerabilities. (It’s also good at writing buggy code and opening up new attack vectors for criminals.)
“Anything that helps developers write better, safer code is a good thing,” Glenn Weinstein, CEO of supply-chain security shop Cloudsmith, told The Register. “Claude Code Security is one of many safeguards in a wide range of defenses.”
Isaac Evans, CEO of developer-focused security firm Semgrep, told The Register he’s “very excited for Claude Code Security, even though we haven’t tried it yet.”
“LLMs are fantastic for security and have a great opportunity to actually make a dent in the coming wave of software vulnerabilities,” he said.
However, the real test of these types of bug-hunting AI agents will be how well they perform at scale, according to Evans.
“So far none of the foundation model companies – Big Sleep, Aardvark, OpenAI – have published detailed statistics on how many false positives they experienced to get the results they had, or the cost to do so,” Evans said. “That matters: Was this a $1 million investment? $10 million? This is some level of marketing-first, science-second. We are also hearing reports from security researcher friends that of the 500 vulnerabilities, not all of them are truly ‘high-severity’ as described.” ®