Claude Code Security is a new capability built into Claude Code on the web that scans codebases for security vulnerabilities and suggests targeted software patches for human review. It allows teams to find and fix security issues that traditional methods often miss, putting defensive capabilities in the hands of developers.
Rather than scanning for known patterns like traditional static analysis tools, Claude Code Security reads and reasons about code the way a human security researcher would. It understands how components interact, traces how data moves through applications, and catches complex vulnerabilities that rule-based tools miss. Every finding goes through a multi-stage verification process where Claude re-examines each result to filter out false positives, and findings are assigned severity ratings.
The system identifies problems and suggests solutions, but nothing is applied without human approval. Validated findings appear in the Claude Code Security dashboard, where teams can review them, inspect suggested patches, and approve fixes. Claude also provides a confidence rating for each finding, since these issues often involve nuances that are difficult to assess from source code alone.
Claude Code Security helps security teams cope with having too many software vulnerabilities and not enough people to address them. It builds on more than a year of research into Claude's cybersecurity capabilities, including competitive Capture-the-Flag events and partnerships with organizations like Pacific Northwest National Laboratory to defend critical infrastructure.
The product is intended for Enterprise and Team customers, with expedited access available for maintainers of open-source repositories. It's built on Claude Code, allowing teams to review findings and iterate on fixes within the tools they already use.
Claude Code Security is intended for Enterprise and Team customers dealing with software security challenges. It's particularly valuable for security teams facing too many vulnerabilities and not enough personnel. The product also offers expedited access for maintainers of open-source repositories who need to secure their codebases. Organizations looking to defend against AI-enabled attacks and find complex vulnerabilities that traditional tools miss will benefit from this capability.