Anthropic has launched Claude Security in public beta for Claude Enterprise customers. The tool gives security teams a way to scan entire codebases for vulnerabilities — and generate targeted patches — without the usual back-and-forth that slows down remediation.
It’s a meaningful step forward for teams struggling to keep pace with the growing volume and complexity of security threats. And it signals where AI-assisted development is heading next.
From Research Preview to Public Beta
Claude Security isn’t brand new. Anthropic first released it as Claude Code Security in February, initially limited to Enterprise and Team customers. Since then, hundreds of organizations have used it in production, surfacing vulnerabilities that existing tools had missed — in some cases, for years.
That real-world feedback shaped what’s shipping today.
The public beta is now open to all Claude Enterprise customers globally. Access for Team and Max plan users is coming soon.
How it Works
Claude Security is powered by Claude Opus 4.7, Anthropic’s latest flagship model. What sets it apart from traditional static analysis tools is its approach to a codebase.
Rather than scanning for known patterns or signatures, it traces data flows, reads source code, and examines how components interact across files and modules — as a security researcher would. That reasoning-based approach means it can surface vulnerabilities that rule-based tools are likely to miss entirely.
Each finding undergoes a multi-stage validation pipeline before reaching an analyst. Every result comes with a confidence rating, severity level, likely impact, reproduction steps, and a recommended fix. Teams aren’t just getting a list of issues — they’re getting actionable intelligence.
From there, users can open a Claude Code session and work through the patch in context. No lengthy ticket queue. No waiting on a separate engineering review cycle. The goal is to go from scan to fix in a single sitting.
Since the research preview, Anthropic has also added scheduled scans for continuous coverage, the ability to dismiss findings with documented reasoning (so future reviewers can trust prior triage decisions), and CSV and Markdown export for integrating results into existing tracking and audit workflows.
Built for How Security Teams Actually Work
One of the more practical aspects of Claude Security is that it doesn’t require teams to abandon their current tooling. Findings can be exported in formats that plug directly into existing tracking systems. Dismissed findings carry documented context. Scheduled scans run in the background without requiring manual triggers.
That last point matters. Security teams are already stretched. A tool that runs independently and surfaces meaningful results — rather than generating noise — is far more likely to get adopted and used consistently.
According to Mitch Ashley, VP and practice lead for software lifecycle engineering at The Futurum Group, “Anthropic moving Claude Security to public beta collapses application security detection and remediation into one agent-driven workflow. Opus 4.7 reasoning across data flows, and component interactions compresses the scan-find-fix cycle into a single sitting, eliminating the ticket queue handoffs that defined traditional AppSec.”
“Pressure lands on vendors selling findings as the product. With endpoint and cloud security platforms embedding Opus 4.7 directly, the model layer is becoming a substrate for the security stack. Incumbents whose value lives in the detection-fix gap have to close it or lose the workflow.”
Part of a Broader Security Push
Claude Security doesn’t exist in isolation. It’s part of a wider effort by Anthropic to put advanced AI capabilities in the hands of defenders.
Opus 4.7 ships with safeguards that automatically detect and block requests indicating prohibited or high-risk cybersecurity uses. Those guardrails are built into the model itself, not bolted on as a filter. Anthropic has also launched a Cyber Verification Program for security professionals who need to use Opus 4.7 for legitimate purposes like vulnerability research, penetration testing, and red-teaming.
Alongside Claude Security, Anthropic launched Project Glasswing — an initiative focused on securing systemically important software and infrastructure. That program uses the company’s more restricted Mythos model, which is not publicly available and accessible only through a controlled consortium of technology partners.
Strong Partner Ecosystem From Day One
The public beta launch also comes with a notable list of integration partners. On the technology side, CrowdStrike, Palo Alto Networks, SentinelOne, Trend.ai, and Wiz are incorporating Opus 4.7 into their cybersecurity platforms. Service partners, including Accenture, BCG, Deloitte, Infosys, and PWC, are deploying Claude to help enterprise customers strengthen their overall security posture.
That partner network gives organizations options. Whether they want a standalone tool or something embedded in an existing platform they already rely on, there’s a path to adoption.
What This Means for DevSecOps
The core promise of DevSecOps has always been shifting security left — catching issues earlier in the development cycle, when they’re cheaper and faster to fix. In practice, that’s been harder than it sounds. Security reviews slow down pipelines. Findings pile up. Engineering and security teams operate in silos.
Claude Security doesn’t solve all of that. But it does address a real friction point: the gap between finding a vulnerability and knowing what to do about it. When a tool can identify a problem, explain it clearly, rate its severity, and help generate a fix — all in the same workflow — it changes the calculus for security teams.
Claude Security focuses on scanning an entire codebase with multiple agents running in parallel. While some tools look for known issues, Claude Security steps through source code and examines data flows to build a more complete picture of the attack surface.
That’s a meaningful capability — especially for organizations managing large, complex codebases where threats often hide in component interactions rather than isolated functions.
Claude Security is available now in public beta for Claude Enterprise customers. Access for Team and Max users is expected to follow.