Anthropic released the security-guidance plugin for Claude Code on Wednesday, a free tool that scans for vulnerable code patterns during active development and surfaces problems before they reach pull requests. Internal testing showed a 30 to 40 percent reduction in security-related review comments on code submitted while the plugin was active.
The plugin is available immediately to all Claude Code users on Pro, Max, Team, and Enterprise plans. It installs through a single command in the terminal and runs without consuming any usage credits, because its checks do not invoke the model. That means the tool works even when a team has reached its daily usage limit, and adding it to a workflow has no cost impact regardless of how often it fires.
Three Layers of Review
The plugin watches for security problems at three points in a session: when Claude edits a file, at the close of each model turn, and at commit time. Checking at all three stages means a vulnerable pattern is caught as it is written instead of surviving until a CI scanner flags it hours or days later. When the plugin finds something, it surfaces the issue in the same session where the code was written, while the context is still fresh and a fix is straightforward to apply.
The patterns it checks are specific. On the injection side, the plugin flags calls to eval(), new Function(), os.system(), and child_process.exec(), which are frequent entry points for code execution and command injection in JavaScript and Python projects. Unsafe deserialization is also covered, targeting library calls that reconstruct objects from user-controlled data without validation. The DOM injection sweep covers dangerouslySetInnerHTML in React and direct .innerHTML= assignments in plain JavaScript, both of which are among the most common causes of cross-site scripting in modern web applications. Across all language ecosystems, the plugin checks more than 25 patterns covering the most frequently exploited vulnerability classes.
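To make concrete what a pattern-level first pass does and does not catch, here is an added example; it is not the plugin's own code, whose rule set is not published. It is a small Python scanner with regex approximations of the patterns named above, run over two constructed source samples. The rule names, the pickle.loads and yaml.load deserialization checks, and the sample files are assumptions for illustration.

```python
"""Minimal pattern scanner in the spirit of a pre-review first pass.

Hypothetical example code: the plugin's real rules are not published, so the
regexes below approximate the patterns the article names, and the sample
sources are constructed for illustration.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    text: str


# Rule names are assumed. Regexes are deliberately narrow: a bare `exec(`
# would also match RegExp.prototype.exec in JavaScript, so the command
# injection rule requires the child_process prefix.
RULES = {
    "javascript": [
        ("code-injection/eval", re.compile(r"\beval\s*\(")),
        ("code-injection/new-Function", re.compile(r"\bnew\s+Function\s*\(")),
        ("command-injection/child_process.exec",
         re.compile(r"\bchild_process\.exec(?:Sync)?\s*\(")),
        ("dom-xss/innerHTML", re.compile(r"\.innerHTML\s*\+?=(?!=)")),
        ("dom-xss/dangerouslySetInnerHTML",
         re.compile(r"\bdangerouslySetInnerHTML\s*=")),
    ],
    "python": [
        ("code-injection/eval", re.compile(r"\beval\s*\(")),
        ("command-injection/os.system", re.compile(r"\bos\.system\s*\(")),
        ("unsafe-deserialization/pickle.loads",
         re.compile(r"\bpickle\.loads?\s*\(")),
        # yaml.load is flagged unless SafeLoader is passed on the same line.
        ("unsafe-deserialization/yaml.load",
         re.compile(r"\byaml\.load\s*\((?![^)]*Loader=yaml\.SafeLoader)")),
    ],
}


def scan(source: str, language: str) -> list[Finding]:
    """Return findings in line order; comment-only lines are skipped."""
    comment_prefixes = ("//", "/*", "*") if language == "javascript" else ("#",)
    findings = []
    for lineno, raw in enumerate(source.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(comment_prefixes):
            continue
        for rule, rx in RULES[language]:
            if rx.search(line):
                findings.append(Finding(rule, lineno, line))
    return findings


# Constructed sample: each risky call sits beside a safe form that should pass.
SAMPLE_JS = """\
// constructed sample, not real project code
const child_process = require("child_process");
function run(cmd) { return child_process.exec(cmd); }
const out = eval(userInput);
const fn = new Function("a", "return a * 2");
el.innerHTML = payload;
el.textContent = payload;
<div dangerouslySetInnerHTML={{ __html: html }} />
const m = /ab+c/.exec(str);
"""

SAMPLE_PY = """\
# constructed sample, not real project code
import os, pickle, subprocess, yaml
os.system("ls " + path)
subprocess.run(["ls", path], check=True)
obj = pickle.loads(blob)
cfg = yaml.load(text)
cfg2 = yaml.load(text, Loader=yaml.SafeLoader)
cfg3 = yaml.safe_load(text)
value = eval(expr)
"""

if __name__ == "__main__":
    for lang, src in (("javascript", SAMPLE_JS), ("python", SAMPLE_PY)):
        for f in scan(src, lang):
            print(f"{lang}:{f.line}: {f.rule}: {f.text}")
```

The scanner only recognises syntax; it has no idea whether `cmd` or `blob` is user-controlled, and it will miss the same calls reached through an alias or an indirect import. That is the limitation the article's "first pass" framing refers to, and it is why the plugin is paired with CI scanning rather than replacing it.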
Security-Guidance Plugin by the Numbers
- Reduction in PR security comments: 30-40%
- Vulnerable patterns detected: 25+
- Review checkpoints per session: File edit, Model turn, Commit
- Model calls required: None (no usage credits consumed)
- Available plans: Pro, Max, Team, Enterprise
- Cost to users: Free
Org-Level Rules and Configuration
Teams can extend the plugin's default rule set by adding a claude-security-guidance.md file to their repository or workspace. That file lets security leads encode company-specific rules that apply automatically to every developer's Claude Code session without any per-user setup. The mechanism means an organization's security standards travel with the development environment rather than sitting in documentation or being enforced only during formal code review.
Anthropic describes the plugin as a lightweight first pass rather than a replacement for thorough security review or automated scanning in CI pipelines. That framing matches its scope. Checking for 25 patterns is not the same as a comprehensive static analysis run, and the plugin makes no claim to find every class of vulnerability. But a tool that eliminates 30 to 40 percent of security review comments before code even enters the review queue, at no cost and without adding latency to the development loop, changes where in the process most of those issues will be found and fixed.
"Across our internal rollout and benchmarks, we've seen a 30-40% decrease in security-related comments on PRs opened using the plugin. The plugin serves as a lightweight first pass, catching issues before a full code review." Anthropic, security-guidance plugin announcement, May 2026
Where This Fits in Anthropic's Security Stack
The plugin does not exist in isolation. Anthropic has been building out security-focused offerings across several product lines over the past two months. Claude Security, the company's enterprise codebase-scanning product for larger-scale vulnerability assessment, entered public beta in April. Claude Mythos, the frontier model underlying Project Glasswing, has now flagged more than 23,000 potential security flaws across open-source projects during its restricted deployment program. The security-guidance plugin sits at the opposite end of that capability range: narrower in scope, free, and aimed at the everyday development work of any team using Claude Code.
That range of products reflects a deliberate strategy. Finding zero-days in production codebases and catching an eval() call in a new function are very different tasks, but both contribute to code that is harder to attack when it ships. The plugin is the accessible end of that stack. Most development teams will never interact with Mythos or the enterprise scanning product, but every team writing code with Claude Code can install this in under a minute. Whether that translates into a measurable reduction in vulnerabilities shipped to production at scale is something Anthropic will presumably have data on as adoption grows.