Anthropic has officially opened Claude Security to public beta for Claude Enterprise customers, delivering AI-native vulnerability detection directly into production codebases, no custom tooling, no API wiring required.
The launch marks a significant step in enterprise-grade offensive defense, putting frontier AI reasoning into the hands of security teams at scale.
Claude Security is Anthropic’s dedicated defensive AI product designed to scan software codebases for vulnerabilities, validate findings, and auto-generate developer-ready patches all without requiring teams to build internal AI infrastructure.
The product is powered by Claude Opus 4.7, Anthropic’s latest flagship model, and is rolling out globally to Claude Enterprise customers, with Claude Team and Max subscribers gaining access soon.
Unlike traditional static analysis tools that rely on known pattern matching, Claude Security reasons through a codebase the way a human security researcher would, tracing data flows, mapping component interactions across files and modules, and surfacing vulnerabilities that rule-based scanners consistently miss.
A multi-stage validation pipeline then verifies each finding independently before it reaches an analyst, assigning each result a confidence level and severity rating.
From Research Preview to Full Beta
It first appeared under the name Claude Code Security as a limited research preview in February 2026, initially available only to Enterprise and Team customers. During that period, hundreds of organizations ran it against their production codebases, and the results were significant.
In its original research phase, Anthropic’s team used Claude Opus 4.6 to discover 500+ long-undetected, high-severity vulnerabilities in open-source projects that had survived decades of expert review.
Tested with no specialized instructions, custom harnesses, or task-specific prompting. That early real-world validation shaped the product roadmap that led directly to today’s public beta. Real-world feedback from early adopters also drove a substantial expansion of features ahead of the beta launch.
New Capabilities Added for Public Beta
Based on input from the hundreds of organizations in the limited preview, Anthropic has shipped several critical enterprise-readiness features:
- Scheduled scans – automate recurring security checks across repositories on a defined cadence
- Directory-level targeting – focus scans on specific paths or modules rather than the full codebase, reducing scan time for large projects.
- CSV and Markdown exports – share findings in formats compatible with existing security workflows and reporting pipelines
- Webhook notifications – receive real-time alerts the moment new vulnerabilities are identified.
- Persistent dismissals – dismissed findings carry forward across subsequent scans, significantly reducing analyst noise over time.
Each finding links directly to a Claude Code session, giving developers full context on impact, reproduction steps, and a one-click path to review and apply suggested patches.
The False Positive Problem
One of the most persistent challenges in automated security scanning is alert fatigue. Security teams routinely deprioritize findings or ignore alerts altogether when the signal-to-noise ratio from their scanners is too low. Claude Security directly targets this problem.
By pairing detection with model-driven multi-stage validation, every vulnerability candidate is re-analyzed before being surfaced to analysts.
Each result receives an explicit confidence and severity rating, allowing teams to understand where to focus first. This approach positions Claude Security as a meaningful upgrade over traditional static analysis tools, such as SAST scanners, which generate high false-positive rates and lack contextual reasoning.
Anthropic’s Broader Defensive AI Strategy
Claude Security is part of Anthropic’s wider strategic push to make frontier AI capabilities available to defenders, not just to attackers.
Alongside the public beta, Anthropic has introduced a Cyber Verification Program for legitimate security professionals, penetration testers, vulnerability researchers, and red team operators, granting verified participants access to cybersecurity capabilities restricted for general users.
Claude Opus 4.7 itself ships with enhanced cybersecurity safeguards that automatically detect and block requests involving prohibited or high-risk security operations.
For enterprise customers, this means the same model powering vulnerability discovery is also actively guarded against misuse. This dual-use design reflects Anthropic’s deliberate approach to releasing advanced security capabilities.
As Anthropic’s communications lead Gabby Curtis stated directly: “The same reasoning that helps Claude find and fix a vulnerability could help an attacker exploit it, so we’re being deliberate about how we release this.”
Claude Security is available immediately in public beta to all Claude Enterprise customers. Teams can access the product directly at claude.com/product/claude-security, with no agent build requirements and no API integration overhead. Claude Team and Max plan subscribers are next in line for access.
For enterprise security teams looking to scale vulnerability coverage without expanding headcount or deploying private AI infrastructure, Claude Security’s public beta represents a direct, low-barrier entry point into AI-assisted application security.
FAQ
Q1: What is Claude Security, and who can access it?
Claude Security is Anthropic’s AI-powered vulnerability detection and patch generation tool, now available in public beta exclusively to Claude Enterprise customers, with Team and Max plan access coming soon.
Q2: Which AI model powers Claude Security?
Claude Security is powered by Claude Opus 4.7, Anthropic’s latest flagship model, which delivers enhanced code reasoning, multi-stage vulnerability validation, and auto-generated patch suggestions with confidence and severity ratings.
Q3: How does Claude Security reduce false positives compared to traditional scanners?
Claude Security uses a multi-stage validation pipeline that independently re-analyzes each detected vulnerability before surfacing it to analysts, assigning confidence and severity ratings tto cut alert noise dramatically
Q4: What new features were added in the public beta launch?
The public beta introduced scheduled scans, directory-level targeting, CSV and Markdown exports, webhook notifications, and persistent dismissals, all shaped by feedback from hundreds of organizations during the research preview phase.
Site: https://thecybrdef.com
For more insights and updates, follow us on Google News, Twitter, and LinkedIn.
About the Author
