Anthropic, Vulnerability Detection · Patch Recommendations 'Claude Security' Public Beta

Anthropic PBC has launched “Claude Security” in an open beta, a service designed to support cybersecurity teams in discovering vulnerabilities and applying patches. This is a feature of the subscription service “Claude Enterprise” aimed at large organizations, with the core function of scanning entire codebases to identify security flaws and propose fixes.

The product was first introduced in February this year as a research preview called “Claude Code Security.” Anthropic later stated that hundreds of organizations have used this tool to find and fix vulnerabilities in their live code. According to the company, it even uncovered vulnerabilities that existing security tools had missed for years.

Based on Opus 4.7… “Reasoning like a security researcher”

The open beta of Claude Security runs on Anthropic’s flagship AI model, Opus 4.7. Its feature is not simply matching known vulnerability patterns, but reasoning like a true cybersecurity researcher—tracking data flows, reading source code, and analyzing interactions between files and code components.

Anthropic explained that this approach allows the model to understand the codebase within its overall context and make comprehensive judgments about complex chain effects. The analysis results are then accompanied by confidence scores, verified through a validation process, and delivered to security managers. The company states that during this process, it also explains why the model made a particular judgment, the likelihood of the vulnerability being exploited, why it should be prioritized, and the effectiveness of the proposed fixes.

From discovery to patching… reducing collaboration delays

Another advantage of Claude Security is its seamless connection from vulnerability detection to patch deployment. Users can open a Claude Code session and immediately apply patches within it. The company claims this can reduce the days of review and testing typically required by security and engineering teams.

Feedback received during the research preview has been incorporated into this version. A scheduled scanning feature has been added for regular checks; if analysis results are rejected, reasons can be recorded and saved. Additionally, export options in CSV and Markdown formats are supported, making it easy to integrate with existing audit and security systems.

Expanding collaboration with CrowdStrike, Palo Alto Networks, and others

Anthropic recently launched “Project Glasswing,” which is accelerating efforts in the security domain. The project uses the “Mitosis” model, which, although not originally designed specifically for security, has excellent vulnerability detection capabilities. The company states that it is building a technical collaboration ecosystem through Glasswing to protect software in real-world operational environments.

In this extension, clients can now also leverage external partner solutions based on Claude security features. Anthropic revealed that it is working with CrowdStrike Holdings, Palo Alto Networks, SentinelOne, Trend Micro’s “Trend AI,” Wiz, and others to integrate Opus 4.7 into their cybersecurity platforms.

This move indicates that the scope of generative AI applications is rapidly expanding from productivity tools to the “defensive security” field. Especially for AI security tools with strengths in code understanding and reasoning, competition is likely to intensify in the future. However, in actual enterprise environments, factors such as false positive rates, validation processes, and integration with existing security systems are expected to be key variables influencing adoption speed.

TP AI Notice: This article is summarized using a language model based on TokenPost.ai. The main content may be incomplete or not fully aligned with facts.