Claude Security Enters Public Beta

Overview

Anthropic announced Claude Security in public beta on April 30, 2026 — a vulnerability scanning and remediation tool built on Claude Opus 4.7 that analyzes codebases for security flaws and produces targeted patch instructions.

Unlike pattern-matching static analysis, Claude Security works like a security researcher — understanding component interactions across files, tracing data flows, and analyzing source code. Each finding ships with a confidence rating, and an independent multi-stage validation pipeline reduces false positives.

Resources

• Announcement: Claude Security is now in public beta
• Direct access: claude.ai/security
• Getting started: Tutorial

Key features

• Context-aware vulnerability detection

  Goes beyond signatures and pattern matching by following call graphs and data flows across files, surfacing issues tied to business logic. Snowflake and Column both reported “novel, high-quality findings” during early testing, with Column’s Information Security Officer noting that “Claude Security grasps the actual business logic behind our code.”

• Confidence ratings and detailed reports

  Each finding includes a confidence assessment plus severity, reproducibility, and likely impact — enough context for actual triage rather than a raw alert list.

• Patch generation

  Detection isn’t the endpoint. Claude Security produces targeted fix instructions for each finding. Hebbia reported using these patches to “close real vulnerabilities in minutes, not days.”

• Scheduled and scoped scans

  Configure recurring scan cadences and scope individual scans to specific directories or branches — useful for large monorepos where you only want to scan the changed area.

• Workflow integration

  Export findings as CSV or Markdown, or send them via webhooks to Slack, Jira, and other tools. DoorDash noted Claude Security “pipes findings right into our workflows so engineers can act on them in context.”

• Triage memory

  Dismissing a finding records the reason, so later reviewers see the prior decision instead of re-litigating it.

• Multiple entry points

  • Direct — claude.ai/security web UI, claude.ai sidebar
  • Embedded in security platforms — CrowdStrike Falcon (Project Quiltworks), Microsoft Security, Palo Alto Networks, SentinelOne (Wayfinder AI), TrendAI, Wiz (Red Agent)
  • Through services partners — Accenture, BCG, Deloitte, Infosys, PwC

  These partners embed Opus 4.7 into their tooling or help organizations deploy Claude-integrated security solutions.

Notes

• Claude Enterprise only at launch — admins enable it from the admin console. Claude Team and Max access is “coming soon.”
• Distinct from Claude Code — both run on Claude Opus 4.7, but Claude Security lives at claude.ai/security with its own surface, billing, and admin model.
• Built-in cyber safeguards — automatically detect and block prohibited or high-risk cybersecurity uses. Organizations with legitimate defense needs can apply through the Cyber Verification Program.
• No public pricing yet — the announcement does not disclose pricing. Enterprise terms vary; check with sales or via the admin console.
• Distinct from Claude Mythos Preview — the announcement references Project Glasswing’s Claude Mythos Preview (matching elite human experts at finding and exploiting vulnerabilities) as a separate restricted preview. Claude Security is the broader-availability channel for security capabilities.
• AI-vs-AI threat framing — Anthropic positions the launch around AI “compressing the timeline between vulnerability discovery and exploitation,” with defenders needing access to frontier capabilities to keep pace.