Claude Code Security: Secure your company's code!
Discover Claude Code Security, Anthropic's AI tool that detects hidden vulnerabilities and suggests fixes. Learn how to secure your codebases.
Anthropic has just launched Claude Code Security, an AI-powered security tool that has already detected over 500 high-severity vulnerabilities in open-source projects. These flaws had evaded human experts for decades. Here’s everything you need to know to protect your company’s codebases with this new cybersecurity weapon.
What is Claude Code Security and why it's a game-changer for software security
Claude Code Security is a new feature integrated into Claude Code on the web. Launched by Anthropic in February 2026, it enables scanning entire codebases for vulnerabilities and then suggests targeted fixes subject to human review. In short, it’s an AI security tool designed to do what traditional scanners can’t: reason about your code.
The starting point is simple. Security teams are overwhelmed. Vulnerability backlogs keep growing. And while traditional static analysis tools are useful, they’re limited to detecting known patterns. They can spot hardcoded passwords or outdated encryption. But when it comes to business logic flaws, poorly implemented access controls, or vulnerabilities arising from interactions between multiple components, they miss them entirely.
This is exactly where Claude Code Security changes the game. Instead of comparing code against a signature database, this AI security tool reads and reasons about code the way a human security researcher would. It traces data flows across files. It understands how components interact. And it identifies complex logical errors that rule-based tools simply can’t see.
The number that shook the entire cybersecurity sector: Claude Opus 4.6, the model powering the tool, identified over 500 high-severity vulnerabilities in widely used open-source libraries like Ghostscript, OpenSC, and CGIF. These bugs had been present for decades. Years of review by human experts had failed to spot them.
For now, Claude Code Security is available as a limited research preview. Anthropic Enterprise and Team customers can request access. Open-source project maintainers receive accelerated and free access. Anthropic clearly wants to put this capability in the hands of defenders first, before attackers can exploit the same advancements.
What types of vulnerabilities does Claude Code Security detect?
Claude Code Security’s strength lies in the depth of its code analysis. The tool doesn’t just look for known patterns. It understands the code, and this understanding allows it to detect categories of flaws that traditional scanners consistently miss.
Memory corruption and buffer overflows
Memory corruption vulnerabilities are among the most dangerous in software security. A buffer overflow can allow an attacker to crash a system or even execute arbitrary code. Claude Code Security excels at detecting these flaws because it doesn’t just look for risky function calls. It understands the underlying logic of the code.
The most striking example comes from the CGIF library, a GIF file processing tool. Claude discovered a heap buffer overflow vulnerability that required a deep understanding of the LZW algorithm and its relationship with the GIF format to be triggered. The critical point: even with 100% line and branch test coverage, this vulnerability could have remained invisible. It required a very specific sequence of operations that only contextual reasoning could identify.
In the case of OpenSC, a smart card processing utility, Claude spotted a buffer overflow by examining calls to functions like strrchr() and strcat() and understanding how these functions interacted in the specific context of the code. This type of code analysis goes far beyond what rule-based scanners do.
Injection flaws and authentication bypasses
Injection flaws remain one of the most common threats in software security. SQL injection, command injection, or template injection: these vulnerabilities occur when an application fails to properly filter user input. Claude Code Security identifies code sections lacking effective filters, even when the pattern isn’t classic.
The tool also detects authentication bypasses—flaws that allow attackers to circumvent an application’s authentication mechanisms. The security analysis Claude performs goes beyond checking for the presence of an authentication module. It examines how that module interacts with the rest of the application and whether unprotected access paths exist.
What makes this detection particularly effective is that Claude reasons across the entire flow of a request through the application. It doesn’t examine each file in isolation. It traces the data path from end to end.
Complex logical errors and access control vulnerabilities
This is arguably the area where Claude Code Security stands out most clearly from traditional tools. Complex logical errors don’t match any known signature. They arise from how a developer implemented a feature, not from an identifiable code pattern.
For example, an access control system might appear correct in each individual file but contain a flaw when you understand how the components interact. Claude Code Security traces how data flows across the entire codebase. It understands the interactions between modules. And it identifies cases where business logic inadvertently creates vulnerabilities.
However, it’s important to note a key limitation. Claude Code Security performs static code analysis—albeit far more intelligent than traditional static analysis. It doesn’t run the application. So it can’t confirm whether a vulnerability is actually exploitable in a given production environment. Runtime validation remains necessary for a comprehensive security review.
How Claude Code Security works: from scan to fix
Understanding how Claude Code Security operates helps explain why this AI-powered security tool stands apart from existing solutions. The process unfolds in several stages, from connecting to your code repository to approving fixes with your team.
Contextual reasoning, not pattern matching
The security analysis performed by Claude Code Security is based on a fundamentally different principle than traditional static analysis. Conventional tools rely on pattern matching: they compare your code against a database of known vulnerabilities. If your code resembles a dangerous pattern, it’s flagged. This approach works for common flaws but misses anything outside the catalog.
Claude Code Security, on the other hand, reasons about your code. It can read a project’s Git history to understand which changes introduced bugs. It traces data flows across files to identify where unfiltered input could cause issues. It understands business logic well enough to know which specific input might break a given function.
It’s precisely this contextual code analysis capability that enabled Claude to discover the vulnerability in Ghostscript. After traditional fuzzing and manual analysis yielded nothing, Claude turned to the project’s Git history, identified a commit that introduced a bug related to a missing bounds check, and then proactively verified whether similar bugs existed elsewhere in the codebase.
Multi-step adversarial verification
One of the major issues with traditional security analysis tools is the high rate of false positives. When a tool flags 200 vulnerabilities, half of which aren’t real, teams waste precious time sorting through them. Claude Code Security tackles this problem head-on.
Every detected vulnerability undergoes an adversarial verification process. In practice, Claude challenges its own findings. It attempts to prove or disprove each result before presenting it to an analyst. This process acts as an internal filter that eliminates false positives upfront.
Validated vulnerabilities then receive a severity score so teams can prioritize. Claude also assigns a confidence level to each finding. This dual scoring system helps teams focus their efforts on the most critical and certain issues, significantly streamlining the security workflow.
Suggested fixes and mandatory human approval
Claude Code Security doesn’t stop at detection. For every identified vulnerability, the tool proposes a fix. A "suggest fix" button generates a patch that aligns with the existing code’s structure and style.
Validated results appear in the Claude Code Security dashboard, where teams can review them, inspect the suggested fixes, and approve the changes. This is a critical point: nothing is applied automatically. Developers always retain final control. Every patch requires human approval before integration.
This AI-assisted secure coding approach aims to accelerate remediation, not replace human judgment. Teams can also export results to their existing vulnerability management tools, making it easier to integrate into an established security workflow.
Claude Code’s security architecture: permissions, sandboxing, and the MCP protocol
When discussing a tool that accesses your codebases, its own security is a legitimate concern. Claude Code was designed with a permission-based architecture that prioritizes security. Here’s how.
Permission-based architecture and bash command approval
Claude Code operates in read-only mode by default. That’s the starting point. Any action beyond simple reading—whether modifying a file, executing a command, or using an external tool—requires explicit user approval.
The bash command approval system is particularly rigorous. Even if a command is on the allowed list, the system blocks it and requests manual validation if it detects suspicious behavior. This command injection detection mechanism protects against cases where malicious input might attempt to hijack Claude to execute destructive commands.
The fail-closed matching principle further strengthens this code protection: any command that does not clearly match a known authorization rule requires manual approval by default. Credentials (API keys, tokens) are encrypted and stored securely. Claude Code’s security documentation details all these mechanisms for teams that want to audit the system.
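A simplified model of the fail-closed decision described above, added here as an example; it is not Anthropic's implementation. The rule syntax (a trailing `:*` meaning prefix match), the metacharacter set and the sample rules are assumptions.

```python
import re

# Sequences that chain, redirect or substitute shell commands (assumed set for this sketch).
SHELL_META = re.compile(r"[;&|`<>\n]|\$\(")

def rule_matches(rule: str, command: str) -> bool:
    """Match one rule; a trailing ':*' means prefix match (assumed syntax)."""
    if rule.endswith(":*"):
        return command.startswith(rule[:-2])
    return command == rule

def decide(command: str, rules: dict) -> str:
    """Return 'deny', 'ask' or 'allow' for a bash command, failing closed."""
    command = command.strip()
    if any(rule_matches(r, command) for r in rules.get("deny", [])):
        return "deny"
    # An allow-listed prefix must not carry a second command along with it.
    if SHELL_META.search(command):
        return "ask"
    if any(rule_matches(r, command) for r in rules.get("ask", [])):
        return "ask"
    if any(rule_matches(r, command) for r in rules.get("allow", [])):
        return "allow"
    # Fail closed: no clear match means a human decides.
    return "ask"

# Constructed rule set for the example.
RULES = {
    "allow": ["npm run test:*", "git status"],
    "ask": ["git push:*"],
    "deny": ["docker run:*"],
}

if __name__ == "__main__":
    for cmd in ("npm run test:unit",
                "npm run test:unit && git push origin main",
                "git status --short",
                "make deploy"):
        print(f"{decide(cmd, RULES):5}  {cmd}")
```

Note that `git status --short` falls through to `ask`: the exact-match rule `git status` does not clearly cover it, so the model does not guess.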
Sandboxing and secure cloud execution
Anthropic has developed a sandboxing system for Claude Code that creates predefined boundaries within which the tool can operate freely. This system relies on two pillars: filesystem isolation and network isolation.
Filesystem isolation ensures that Claude can only access or modify specific directories. It cannot read your SSH keys or credential files located in other directories. Network isolation restricts outbound connections, preventing any data exfiltration even in the event of a compromise.
For cloud execution security on the web, each Claude Code session runs in an isolated virtual machine managed by Anthropic. Authentication goes through a secure proxy that uses a limited-scope credential in the sandbox, then translates it into your actual GitHub credentials. Anthropic has even open-sourced this sandboxing technology so other teams can adopt it in their own agents.
Model Context Protocol (MCP) security and tool governance
The Model Context Protocol (MCP) extends Claude Code’s capabilities by connecting external tool servers. But this extensibility comes with risks, and MCP security is taken seriously.
Each new MCP server requires a trust verification before it can be used. Organizations can define allowlists and denylists at the enterprise level to control which servers are permitted. These managed settings cannot be bypassed by individual developers, ensuring centralized governance.
The recommended best practices in the Claude Code docs are clear: only enable trusted MCP servers, pin versions to avoid silent updates, and regularly audit configurations. The reason is that once an MCP server is approved, it can update itself without requesting new consent. Version pinning is therefore essential to maintain secure execution over time.
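One way to check the pinning advice above during a configuration audit, added here as an example and not taken from the Claude Code docs. It assumes MCP servers are declared in an `mcpServers` map and launched through `npx`; the package names and URL in the sample are hypothetical.

```python
import json
import re

EXACT = re.compile(r"^\d+\.\d+\.\d+$")  # exact x.y.z only; no ranges or tags

def package_version(spec: str):
    """Split an npm spec 'name@version'; scoped names start with '@'."""
    at = spec.rfind("@")
    return (spec, None) if at <= 0 else (spec[:at], spec[at + 1:])

def unpinned_servers(config: dict) -> dict:
    """Return {server name: reason} for servers whose version is not pinned."""
    findings = {}
    for name, server in config.get("mcpServers", {}).items():
        if server.get("command") != "npx":
            # Fail closed: anything this check cannot parse is reported.
            findings[name] = "not launched via npx; verify pinning manually"
            continue
        spec = next((a for a in server.get("args", []) if not a.startswith("-")), None)
        if spec is None:
            findings[name] = "no package argument found"
            continue
        _, version = package_version(spec)
        if version is None:
            findings[name] = "no version given"
        elif not EXACT.match(version):
            findings[name] = f"'{version}' is a tag or range, not an exact version"
    return findings

# Constructed sample configuration; package names and URL are hypothetical.
SAMPLE = json.loads("""
{
  "mcpServers": {
    "tickets": {"command": "npx", "args": ["-y", "@example/mcp-tickets@1.4.2"]},
    "docs":    {"command": "npx", "args": ["-y", "@example/mcp-docs"]},
    "search":  {"command": "npx", "args": ["-y", "example-mcp-search@latest"]},
    "wiki":    {"type": "http", "url": "https://mcp.example.invalid/"}
  }
}
""")

if __name__ == "__main__":
    for name, reason in unpinned_servers(SAMPLE).items():
        print(f"{name}: {reason}")
```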
Claude Code Security vs. traditional security tools: what really changes
To understand what Claude Code Security brings to the table, you first need to understand how classic static analysis tools (SAST) work. These tools compare each piece of code against a database of rules that define known vulnerabilities. If a code snippet matches a pattern in the database, it is flagged. This approach effectively detects common issues: hardcoded passwords, outdated encryption algorithms, or dependencies known to be vulnerable.
But these rules cannot cover every variant of every vulnerability. They lack context. They do not trace data flows. And they often produce a high rate of false positives that ends up drowning real problems in noise. As a result, security teams spend more time sorting through alerts than fixing actual vulnerabilities.
Claude Code Security works differently. Its security analysis is contextual. It understands how your application’s components communicate with each other, how data flows from one module to another, and why a given implementation creates a risk. Adversarial verification reduces false positives. And automatic fix suggestions close the loop between detection and remediation.
One important point: Claude Code Security is designed as a complement, not a replacement. Anthropic makes this clear: the tool catches what classic scanners miss, and you can export its findings to your existing security workflows. For comprehensive code protection, it fits into a multi-layered approach where Claude’s contextual analysis complements classic static analysis and runtime testing.
The market has taken this announcement very seriously. On launch day, the stocks of several major cybersecurity companies dropped significantly. CrowdStrike lost nearly 8%, Cloudflare a little over 8%. These market reactions show that the industry sees Claude Code Security not as a gimmick, but as a true paradigm shift in software security.
How to integrate Claude Code Security into your business
Moving from discovery to action is the next step. Here’s how you can concretely adopt Claude Code Security in your development processes.
Who can access it and under what conditions
To date, Claude Code Security is available in a limited research preview. To access it, you must be an Anthropic customer with an Enterprise or Team plan. Open-source project maintainers can request accelerated and free access. Anthropic wants to collaborate with the community to refine the tool’s capabilities before a wider rollout.
One important usage condition: the tool can only be used on code that your company owns and for which it holds all necessary rights. No third-party licensed code, no open-source projects where you are not a maintainer. This restriction aims to ensure the responsible use of the tool.
Securing your daily use of Claude Code
Beyond the security scanning feature, it is essential to properly configure Claude Code itself for safe daily use. The recommended approach is to treat Claude Code as a powerful assistant that still requires constant supervision. Any critical changes to your codebases must go through human review.
Permission configuration is done granularly via the managed-settings.json file. This file allows you to precisely define what Claude can do (allow), what requires approval (ask), and what is strictly forbidden (deny). The permission-based architecture offers three levels of control, enabling security to be tailored to the work context. Never run Claude Code with root privileges—this is an absolute rule. The tool must operate in a sandboxed environment, ideally a dedicated Docker container or virtual machine, to limit the impact of any potential compromise.
Approval of bash commands must remain strict for sensitive operations. Resist the temptation to globally allow commands like git push or docker run. Instead, prefer specific patterns (e.g., npm run test:*) to limit the scope of permissions. Audit configurations and authorized MCP servers monthly. And keep a short retention period for transcripts, between 7 and 14 days, to limit exposure of sensitive data in case of a leak.
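A small audit for the permission advice above, added here as an example and not part of Claude Code. It assumes the `permissions` block holds `allow`, `ask` and `deny` lists of rules written as `Bash(<command>:*)`; the sample file contents are constructed.

```python
import json
import re

# Commands the article says not to allow globally; extend the tuple for your environment.
SENSITIVE = ("git push", "docker run")
BASH_RULE = re.compile(r"^Bash(?:\((.*)\))?$")

def audit_permissions(settings: dict) -> list:
    """Return (rule, reason) pairs for over-broad Bash entries in permissions.allow."""
    findings = []
    for rule in settings.get("permissions", {}).get("allow", []):
        m = BASH_RULE.match(rule)
        if not m:
            continue  # only Bash rules are audited here
        body = (m.group(1) or "*").strip()
        if not body.endswith("*"):
            continue  # an exact command is already a narrow grant
        prefix = body.rstrip("*").rstrip(":").strip()
        if not prefix:
            findings.append((rule, "allows every bash command"))
        elif any(s.startswith(prefix) for s in SENSITIVE):
            findings.append((rule, "globally allows a sensitive command; use 'ask'"))
    return findings

# Constructed sample file contents, not taken from a real deployment.
SAMPLE = json.loads("""
{
  "permissions": {
    "allow": ["Bash(npm run test:*)", "Bash(git push:*)", "Bash(git status)", "Bash"],
    "ask":   ["Bash(docker run:*)"],
    "deny":  ["Read(./.env)"]
  }
}
""")

if __name__ == "__main__":
    for rule, reason in audit_permissions(SAMPLE):
        print(f"{rule}: {reason}")
```

A rule such as `Bash(git:*)` is flagged as well, because its prefix covers `git push`.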
Integrate Claude Code Security into your existing security workflow
Claude Code Security was designed to fit into the tools teams already use. Since it’s built on Claude Code, teams can review findings and iterate on fixes directly in their familiar environment.
Analysis results can be exported to existing vulnerability management systems. Anthropic’s stated goal is to reduce the software security review process to just a few clicks, while keeping humans in the loop for every critical decision. For organizations with a mature security workflow, Claude Code Security adds an extra layer of code analysis that strengthens protection without disrupting existing processes.
Securing AI-generated code in production: Scroll’s support
Securing AI-generated code isn’t just about a tool—it’s a process (human review, secrets, dependencies, sandboxing) integrated into the development cycle. Beyond this article, it’s about guidance.
Scroll develops and secures your applications using AI-assisted code built for production, or takes over a high-risk AI project (free 48-hour diagnosis). See also integrating Claude in your business.
What Claude Code Security means for the future of software security
The launch of Claude Code Security comes at a pivotal moment for cybersecurity. And Anthropic is fully aware of this.
The company openly admits: the same AI capabilities that help defenders find vulnerabilities can be exploited by attackers. It’s the double-edged sword of this technology. A model capable of detecting a zero-day flaw hidden for years is also a model that, in the wrong hands, could identify exploitable weaknesses faster than ever. Anthropic has even strengthened the security controls of Claude Opus 4.6 and implemented safeguards to detect and block malicious use.
Anthropic’s vision is clear: a significant portion of the world’s code will be scanned by AI in the near future. Models have become too effective at uncovering long-hidden bugs for this shift to be ignored. And with the rise of "vibe coding"—where more and more code is generated by AI—the need for automated, intelligent scanning tools will only grow. The faster we generate code, the larger the attack surface becomes, and the more we need tools capable of securing these codebases at the same speed.
For businesses, the stakes are strategic. Those that integrate AI security tools into their processes now will gain an edge. They’ll detect and fix vulnerabilities before attackers exploit them. Those that wait risk falling behind, facing attackers who will use AI to identify weaknesses faster than ever.
This is precisely the kind of technological shift that we help businesses navigate at Scroll. Integrating Claude Code Security or other AI security tools into your development workflows isn’t as simple as pressing a button. It requires a deep understanding of your tech stack, existing processes, and compliance constraints. If you want to stay ahead of this evolution and structure your approach to AI-assisted software security, contact Scroll. We help technical teams make the most of these new capabilities, from evaluation to operational deployment.


