Anthropic Brings AI-Powered Security Scanning to Enterprise Teams With Claude Security

AI agents, SRE

Anthropic has launched Claude Security in public beta for Claude Enterprise customers. The tool gives security teams a way to scan entire codebases for vulnerabilities — and generate targeted patches — without the usual back-and-forth that slows down remediation.

It’s a meaningful step forward for teams struggling to keep pace with the growing volume and complexity of security threats. And it signals where AI-assisted development is heading next.

From Research Preview to Public Beta

Claude Security isn’t brand new. Anthropic first released it as Claude Code Security in February, initially limited to Enterprise and Team customers. Since then, hundreds of organizations have used it in production, surfacing vulnerabilities that existing tools had missed — in some cases, for years.

That real-world feedback shaped what’s shipping today.

The public beta is now open to all Claude Enterprise customers globally. Access for Team and Max plan users is coming soon.

How it Works

Claude Security is powered by Claude Opus 4.7, Anthropic’s latest flagship model. What sets it apart from traditional static analysis tools is its approach to a codebase.

Rather than scanning for known patterns or signatures, it traces data flows, reads source code, and examines how components interact across files and modules — as a security researcher would. That reasoning-based approach means it can surface vulnerabilities that rule-based tools are likely to miss entirely.

Each finding undergoes a multi-stage validation pipeline before reaching an analyst. Every result comes with a confidence rating, severity level, likely impact, reproduction steps, and a recommended fix. Teams aren’t just getting a list of issues — they’re getting actionable intelligence.

From there, users can open a Claude Code session and work through the patch in context. No lengthy ticket queue. No waiting on a separate engineering review cycle. The goal is to go from scan to fix in a single sitting.

Since the research preview, Anthropic has also added scheduled scans for continuous coverage, the ability to dismiss findings with documented reasoning (so future reviewers can trust prior triage decisions), and CSV and Markdown export for integrating results into existing tracking and audit workflows.

Built for How Security Teams Actually Work

One of the more practical aspects of Claude Security is that it doesn’t require teams to abandon their current tooling. Findings can be exported in formats that plug directly into existing tracking systems. Dismissed findings carry documented context. Scheduled scans run in the background without requiring manual triggers.

That last point matters. Security teams are already stretched. A tool that runs independently and surfaces meaningful results — rather than generating noise — is far more likely to get adopted and used consistently.

According to Mitch Ashley, VP and practice lead for software lifecycle engineering at The Futurum Group, “Anthropic moving Claude Security to public beta collapses application security detection and remediation into one agent-driven workflow. Opus 4.7 reasoning across data flows and component interactions compresses the scan-find-fix cycle into a single sitting, eliminating the ticket queue handoffs that defined traditional AppSec.”

“Pressure lands on vendors selling findings as the product. With endpoint and cloud security platforms embedding Opus 4.7 directly, the model layer is becoming a substrate for the security stack. Incumbents whose value lives in the detection-fix gap have to close it or lose the workflow.”

Part of a Broader Security Push

Claude Security doesn’t exist in isolation. It’s part of a wider effort by Anthropic to put advanced AI capabilities in the hands of defenders.

Opus 4.7 ships with safeguards that automatically detect and block requests indicating prohibited or high-risk cybersecurity uses. Those guardrails are built into the model itself, not bolted on as a filter. Anthropic has also launched a Cyber Verification Program for security professionals who need to use Opus 4.7 for legitimate purposes like vulnerability research, penetration testing, and red-teaming.

Alongside Claude Security, Anthropic launched Project Glasswing, an initiative focused on securing systemically important software and infrastructure. That program uses the company’s more restricted Mythos model, which is not publicly available and is accessible only through a controlled consortium of technology partners.

Strong Partner Ecosystem From Day One

The public beta launch also comes with a notable list of integration partners. On the technology side, CrowdStrike, Palo Alto Networks, SentinelOne, Trend.ai, and Wiz are incorporating Opus 4.7 into their cybersecurity platforms. Service partners, including Accenture, BCG, Deloitte, Infosys, and PwC, are deploying Claude to help enterprise customers strengthen their overall security posture.

That partner network gives organizations options. Whether they want a standalone tool or something embedded in an existing platform they already rely on, there’s a path to adoption.

What This Means for DevSecOps

The core promise of DevSecOps has always been shifting security left — catching issues earlier in the development cycle, when they’re cheaper and faster to fix. In practice, that’s been harder than it sounds. Security reviews slow down pipelines. Findings pile up. Engineering and security teams operate in silos.

Claude Security doesn’t solve all of that. But it does address a real friction point: the gap between finding a vulnerability and knowing what to do about it. When a tool can identify a problem, explain it clearly, rate its severity, and help generate a fix — all in the same workflow — it changes the calculus for security teams.

Claude Security focuses on scanning an entire codebase with multiple agents running in parallel. While some tools look for known issues, Claude Security steps through source code and examines data flows to build a more complete picture of the attack surface.

That’s a meaningful capability — especially for organizations managing large, complex codebases where threats often hide in component interactions rather than isolated functions.

Claude Security is available now in public beta for Claude Enterprise customers. Access for Team and Max users is expected to follow.



from DevOps.com https://ift.tt/rjZJfcU
