PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Anthropic Rolls Out Autonomous Vulnerability-Hunting AI Tool for Claude Code

The new tool, now testing as part of Claude Code, can scan codebases for security vulnerabilities and suggest targeted software fixes for human review.

Will McCurdy
 & Will McCurdy Contributor

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS
(Credit: Samuel Boivin/NurPhoto via Getty Images)

Reports have come to light over the past year about how cybercriminals, including state-sponsored actors, have been able to use frontier AI models from AI firm Anthropic to find exploitable vulnerabilities within code, even in the mature and well-maintained systems of large corporations. Now, the OpenAI rival says it is rolling out similar vulnerability-identifying AI capabilities for its customers.

Anthropic is launching Claude Code Security, a new cybersecurity capability for Claude Code, its popular AI coding tool. The company says the tool can scan codebases for security vulnerabilities and suggest targeted software fixes for human review.

The company claims the tool differs from traditional security software because it does not rely on rule-based pattern matching—where code is analyzed and compared to known vulnerabilities—but instead “reasons through your code like a security researcher.”

Issues identified by the tool will be assigned severity ratings to help security teams prioritize, as well as “confidence rankings” indicating how certain the system is in its assessment of each risk, after automatically reexamining findings for false positives. The tool will not make changes to code directly but will add identified issues to a dashboard for human security teams to assess and act on.

Recommended by Our Editors

I Used ChatGPT to Build Complex Spreadsheets Fast. Here’s How You Can, Too
I Used ChatGPT to Build Complex Spreadsheets Fast. Here’s How You Can, Too
GitHub Copilot Costs Skyrocket As Users Are Pushed to Per-Token Billing
GitHub Copilot Costs Skyrocket As Users Are Pushed to Per-Token Billing
Anthropic Moves to Go Public Ahead of OpenAI
Anthropic Moves to Go Public Ahead of OpenAI

Claude Code Security is now available in limited research preview for Enterprise and Team customers. Those maintaining open-source code repositories can also apply for free, expedited access.

Anthropic is not alone in rolling out this type of tool. OpenAI began beta testing Aardvark, an agentic security researcher powered by GPT-5, in October.

Some may be betting traditional cybersecurity companies could be negatively impacted by the rise of tools like Anthropic’s new offering. SiliconANGLE reports that cybersecurity firm CrowdStrike Holdings closed the trading session down almost 8% after Claude Code Security was announced, while Cloudflare fell just over 8%.

In a November interview with PCMag, Boris Cherny, Head of Claude Code, hinted that future models "are gonna run for a longer period of time without human intervention" and teased increased integrations with other AI models.

About Our Expert

Will McCurdy

Will McCurdy

Contributor

I’m a reporter covering weekend news. Before joining PCMag in 2024, I picked up bylines in BBC News, The Guardian, The Times of London, The Daily Beast, Vice, Slate, Fast Company, The Evening Standard, The i, TechRadar, and Decrypt Media.

I’ve been a PC gamer since you had to install games from multiple CD-ROMs by hand. As a reporter, I’m passionate about the intersection of tech and human lives. I’ve covered everything from crypto scandals to the art world, as well as conspiracy theories, UK politics, and Russia and foreign affairs.

Read the latest from Will McCurdy

Read full bio