5 Things To Know On Anthropic’s Claude Code Security

The AI platform said Friday it’s adding vulnerability scanning capabilities into its web-based Claude Code tool in a move to compete with application security vendors.

Anthropic announced Friday it is looking to compete with application security vendors by adding vulnerability scanning capabilities into its web-based Claude Code tool.

The move is the latest by Anthropic to add LLM-powered functionality that will rival established software makers and part of a wider trend that has shaken investor confidence in the software industry as a whole.


Share prices for multiple major security vendors fell Friday after the Anthropic announcement, notably during a day that saw the broader stock market indices rise.

What follows are five things to know about Anthropic’s Claude Code Security.

Anthropic’s AppSec Push

Claude Code Security marks the first dedicated security product from Anthropic and—for now—it’s limited to the sphere of application security.

In a blog post, Anthropic disclosed that Claude Code Security will provide codebase scanning for vulnerabilities. The tool will then make suggestions for “targeted software patches for human review, allowing teams to find and fix security issues that traditional methods often miss,” the company said in the post.

Claude Code Security is a part of Anthropic’s Claude Code offering on the web and is now rolling out in a limited research preview.

Humanlike Reasoning

Anthropic contended that its tool will enable massive security improvements compared with existing automated testing methods such as static analysis. Such methods are usually rule-based and can only compare code with known vulnerabilities, the company said.

Claude Code Security, on the other hand, “reads and reasons about your code the way a human security researcher would,” Anthropic said.

That means the tool can understand “how components interact, tracing how data moves through your application, and catching complex vulnerabilities that rule-based tools miss,” the company said.

Catching More Vulnerabilities

The result is that Claude Code Security will be capable of uncovering “more complex vulnerabilities, like flaws in business logic or broken access control,” as compared with static analysis methods, Anthropic said.

In addition, every finding made by the tool will be put through a “multistage verification process” before it’s forwarded to an analyst, the company said.

The findings are also given severity ratings to help with prioritization, according to Anthropic.

AI Is Helping Attackers, Too

With the codebase scanning capabilities offered by Anthropic poised to accelerate the shift toward easier AI-assisted vulnerability discovery, it’s clear that the trend will benefit attackers as well as defenders.

Anthropic admitted as much in its post Friday, writing that “the same capabilities that help defenders find and fix vulnerabilities could help attackers exploit them.”

While Anthropic will no doubt include guardrails aimed at preventing misuse of its own tools, the dual-use nature of AI scanning suggests that attacks will only intensify going forward as the technology continues to advance.

Ultimately, threat actors “will use AI to find exploitable weaknesses faster than ever,” the company said.

“But defenders who move quickly can find those same weaknesses, patch them, and reduce the risk of an attack,” the company said. “Claude Code Security is one step towards our goal of more secure codebases and a higher security baseline across the industry.”

Stock Prices Sink

Although Anthropic’s initial efforts are restricted to the application security sphere, investors expressed worries about the broader security industry Friday following the announcement.

As of this writing, shares in CrowdStrike were down 6.5 percent to $394.50 a share, while Cloudflare’s stock price fell 6.2 percent to $180.71 a share. Zscaler’s stock dropped 3.1 percent to $163.76 a share, and Palo Alto Networks was down 0.6 percent to $150.14 a share.

Earlier this week, Palo Alto Networks CEO Nikesh Arora said that investor fears that AI poses more of a risk than an opportunity for cybersecurity vendors are unfounded, with LLMs unlikely to rival the capabilities of security products in the foreseeable future.

During Palo Alto Networks’ quarterly call Tuesday, Arora told analysts that while GenAI and AI agents are already proving to be massively helpful for security products and teams, there are clear limitations on what LLMs can do.

“I’m still confused why the market is treating AI as a threat” to the cybersecurity industry, he said, while adding that he “can’t speak for all of software.”

LLMs aren’t accurate enough to fully replace key segments such as security operations, and many security tools—including those from Palo Alto Networks and its broad platform—have a major leg up through access to real-world customer data for training their AI models, Arora noted.