Claude Code Security, a new capability built into Claude Code on the web, is now available in a limited research preview for Enterprise and Team customers. The tool scans codebases for security vulnerabilities and suggests targeted software patches for human review, allowing teams to identify and address security issues that traditional methods often miss.
The Problem Claude Code Security Aims to Solve
Security teams face a persistent challenge: too many software vulnerabilities and too few people to address them. Existing static analysis tools match code against known vulnerability patterns, catching common issues such as exposed passwords or outdated encryption. However, they frequently miss more complex flaws, including broken access control and business logic errors.
Finding subtle, context-dependent vulnerabilities typically requires skilled human researchers. Meanwhile, those researchers face ever-expanding backlogs, leaving many issues undetected for extended periods.
How Claude Code Security Works
Rather than scanning for known patterns, Claude Code Security reads and reasons about code the way a human security researcher would. It understands how components interact, traces how data moves through an application, and identifies complex vulnerabilities that rule-based tools miss.
Every finding goes through a multi-stage verification process before reaching an analyst. The system re-examines each result, attempting to prove or disprove its own findings and filter out false positives. Findings are also assigned severity ratings so teams can prioritize the most critical fixes first.
Validated findings appear in the Claude Code Security dashboard, where teams can review them, inspect suggested patches, and approve fixes. The system also provides a confidence rating for each finding. Notably, no fix is applied without human approval: the tool identifies problems and suggests solutions, but developers make the final decision.
Research Backing and Real-World Results
Claude Code Security builds on more than a year of research into Claude’s cybersecurity capabilities. Anthropic’s Frontier Red Team has been testing these abilities by entering Claude in competitive Capture-the-Flag events and partnering with Pacific Northwest National Laboratory to experiment with using AI to defend critical infrastructure.
Using Claude Opus 4.6, released earlier this month, Anthropic’s team found over 500 vulnerabilities in production open-source codebases. These were bugs that had gone undetected for decades despite years of expert review. The company said it is working through triage and responsible disclosure with maintainers and plans to expand its security work with the open-source community.
“Attackers will use AI to find exploitable weaknesses faster than ever. But defenders who move quickly can find those same weaknesses, patch them, and reduce the risk of an attack.”
Anthropic
Availability and Access
Anthropic is opening the limited research preview of Claude Code Security to Enterprise and Team customers starting February 20, 2026. Participants will receive early access and collaborate directly with Anthropic’s team to refine the tool’s capabilities. Furthermore, open-source maintainers can apply for free, expedited access to the preview.
The company stated that it expects a significant share of the world’s code to be scanned by AI in the near future, given how effective models have become at finding long-hidden bugs. Anthropic described Claude Code Security as one step toward its goal of more secure codebases and a higher security baseline across the industry.
