Anthropic's Claude Security tool is now available in public beta for all Claude Enterprise customers, the company announced on April 30, marking the product's exit from two months of closed testing during which it quietly uncovered more than five hundred production vulnerabilities in customers' own code. The launch brings AI-powered codebase scanning, a capability that has until now required dedicated security engineering teams or expensive specialist firms, to any organization with an Enterprise Claude subscription.
The product, previously called Claude Code Security, is accessible directly from the Claude.ai sidebar or at claude.ai/security. It requires no API integration, no custom agents, and no security-engineering configuration. A team with a standard Enterprise seat can point Claude Security at a code repository and receive a structured list of vulnerabilities, complete with severity ratings and suggested patches, within the time it would normally take a developer to finish a morning standup.
How It Works in Practice
Claude Security does not operate like a traditional static-analysis tool. Rather than searching for known patterns in a rules database, it reads source code the way a security researcher does: tracing data flows from input to output, examining how components interact across files and modules, and reasoning about which combinations of conditions could produce exploitable behavior. The approach catches logic-level vulnerabilities, authentication bypasses, and injection flaws that pattern-matching tools miss because the bug exists in the interaction between components rather than in any single line of code.
Once a scan is complete, security teams can dismiss findings with documented justification, export results as CSV or Markdown, and route high-priority alerts to Slack, Jira, or other ticketing systems via webhook. Administrators can schedule recurring scans, focus them on specific directories within a large monorepo, and track remediation rates over time through a dashboard showing seven-day and thirty-day historical charts.
Key Facts
- Production vulnerabilities found in private preview500+
- Some bugs had been undetected forYears despite expert review
- Underlying modelClaude Opus 4.7
- Security platform integration partnersCrowdStrike, Microsoft Security, Palo Alto Networks, SentinelOne, TrendAI, Wiz
- Service delivery partnersAccenture, BCG, Deloitte, Infosys, PwC
- Team and Max plan accessComing soon
A Dense Web of Integration Partners
The launch is notably well-integrated from day one. Anthropic has connected Claude Security to six security platform vendors: CrowdStrike, Microsoft Security, Palo Alto Networks, SentinelOne, TrendAI, and Wiz. The integrations mean findings can flow directly into existing security operations workflows without requiring a separate export-and-import cycle. For organizations that already run their security posture through one of these platforms, Claude Security becomes an additional signal source rather than a standalone tool competing for analyst attention.
On the services side, five major consulting and technology firms have committed to helping enterprise clients deploy Claude Security in their security programs: Accenture, BCG, Deloitte, Infosys, and PwC. The involvement of firms at that scale reflects a bet that AI-assisted code scanning will move from an optional capability to a standard component of enterprise security reviews. Each of these firms already has substantial Anthropic relationships in other parts of their business, and Claude Security gives them a new line item in security modernization conversations.
"Claude Security comes with no API integration or custom agents required. During the two months of private preview, teams discovered five hundred production vulnerabilities, some of which had remained invisible for years despite expert review." Anthropic, Claude Security launch announcement, April 2026
Where This Fits in the Broader Anthropic Security Stack
Claude Security is the latest piece of what Anthropic has built into a layered security offering for enterprises. The Claude Compliance API allows IT and security teams to monitor how Claude is being used across the organization, flag policy violations, and integrate AI governance into existing identity and compliance platforms. Claude Security sits on the other end of that spectrum: instead of governing how employees use AI, it deploys AI to protect the company's own software from external attack.
The underlying model is Claude Opus 4.7, Anthropic's current flagship, which brings substantially improved code reasoning compared to earlier models. The same capability that makes Opus 4.7 useful for writing complex software makes it well-suited for reading and critiquing that software at a structural level. Anthropic has noted that models are becoming "genuinely useful for serious cybersecurity work," a capability it has chosen to route into defensive tooling first, following the same philosophy that drove the restricted release of Project Glasswing and Claude Mythos Preview.
Team and Max plan access to Claude Security is listed as coming soon. The current Enterprise-only availability puts the tool at the level of the market where security investment is largest and where the integration requirements, audit logging, and compliance expectations are most demanding. Expanding downward into smaller plans will likely require additional guardrails around scan volumes and data residency, both of which are more complex at scale. What is clear from the April 30 launch is that Anthropic is treating security as a product category in its own right rather than a feature bolted onto the core chat experience. Learn more about the Claude model family powering these capabilities.
