Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders.<\/em> Subscribe Now<\/em><\/p>\n\n\n\n Anthropic launched automated security review capabilities for its Claude Code platform on Wednesday, introducing tools that can scan code for vulnerabilities and suggest fixes as artificial intelligence dramatically accelerates software development across the industry.<\/p>\n\n\n\n The new features arrive as companies increasingly rely on AI to write code faster than ever before, raising critical questions about whether security practices can keep pace with the velocity of AI-assisted development. Anthropic\u2019s solution embeds security analysis directly into developers\u2019 workflows through a simple terminal command and automated GitHub reviews.<\/p>\n\n\n\n \u201cPeople love Claude Code, they love using models to write code, and these models are already extremely good and getting better,\u201d said Logan Graham, a member of Anthropic\u2019s frontier red team who led development of the security features, in an interview with VentureBeat. \u201cIt seems really possible that in the next couple of years, we are going to 10x, 100x, 1000x the amount of code that gets written in the world. The only way to keep up is by using models themselves to figure out how to make it secure.\u201d<\/p>\n\n\n\n The announcement comes just one day after Anthropic released Claude Opus 4.1, an upgraded version of its most powerful AI model that shows significant improvements in coding tasks. The timing underscores an intensifying competition between AI companies, with OpenAI expected to announce GPT-5 imminently and Meta aggressively poaching talent with reported $100 million signing bonuses.<\/p>\n\n\n\n Power caps, rising token costs, and inference delays are reshaping enterprise AI. Join our exclusive salon to discover how top teams are:<\/p>\n\n\n\n Secure your spot to stay ahead<\/strong>: https:\/\/bit.ly\/4mwGngO<\/p>\n\n\n\n The security tools address a growing concern in the software industry: as AI models become more capable at writing code, the volume of code being produced is exploding, but traditional security review processes haven\u2019t scaled to match. Currently, security reviews rely on human engineers who manually examine code for vulnerabilities \u2014 a process that can\u2019t keep pace with AI-generated output.<\/p>\n\n\n\n Anthropic\u2019s approach uses AI to solve the problem AI created. The company has developed two complementary tools that leverage Claude\u2019s capabilities to automatically identify common vulnerabilities including SQL injection risks, cross-site scripting vulnerabilities, authentication flaws, and insecure data handling.<\/p>\n\n\n\n The first tool is a The second component is a GitHub Action that automatically triggers security reviews when developers submit pull requests. The system posts inline comments on code with security concerns and recommendations, ensuring every code change receives a baseline security review before reaching production.<\/p>\n\n\n\n Anthropic has been testing these tools internally on its own codebase, including Claude Code itself, providing real-world validation of their effectiveness. The company shared specific examples of vulnerabilities the system caught before they reached production.<\/p>\n\n\n\n In one case, engineers built a feature for an internal tool that started a local HTTP server intended for local connections only. The GitHub Action identified a remote code execution vulnerability exploitable through DNS rebinding attacks, which was fixed before the code was merged.<\/p>\n\n\n\n Another example involved a proxy system designed to manage internal credentials securely. The automated review flagged that the proxy was vulnerable to Server-Side Request Forgery (SSRF) attacks, prompting an immediate fix.<\/p>\n\n\n\n \u201cWe were using it, and it was already finding vulnerabilities and flaws and suggesting how to fix them in things before they hit production for us,\u201d Graham said. \u201cWe thought, hey, this is so useful that we decided to release it publicly as well.\u201d<\/p>\n\n\n\n\n\n\n\n Beyond addressing the scale challenges facing large enterprises, the tools could democratize sophisticated security practices for smaller development teams that lack dedicated security personnel.<\/p>\n\n\n\n \u201cOne of the things that makes me most excited is that this means security review can be kind of easily democratized to even the smallest teams, and those small teams can be pushing a lot of code that they will have more and more faith in,\u201d Graham said.<\/p>\n\n\n\n The system is designed to be immediately accessible. According to Graham, developers can start using the security review feature within seconds of the release, requiring just about 15 keystrokes to launch. The tools integrate seamlessly with existing workflows, processing code locally through the same Claude API that powers other Claude Code features.<\/p>\n\n\n\n The security review system works by invoking Claude through an \u201cagentic loop\u201d that analyzes code systematically. According to Anthropic, Claude Code uses tool calls to explore large codebases, starting by understanding changes made in a pull request and then proactively exploring the broader codebase to understand context, security invariants, and potential risks.<\/p>\n\n\n\n Enterprise customers can customize the security rules to match their specific policies. The system is built on Claude Code\u2019s extensible architecture, allowing teams to modify existing security prompts or create entirely new scanning commands through simple markdown documents.<\/p>\n\n\n\n \u201cYou can take a look at the slash commands, because a lot of times slash commands are run via actually just a very simple Claude.md doc,\u201d Graham explained. \u201cIt\u2019s really simple for you to write your own as well.\u201d<\/p>\n\n\n\n The security announcement comes amid a broader industry reckoning with AI safety and responsible deployment. Recent research from Anthropic has explored techniques for preventing AI models from developing harmful behaviors, including a controversial \u201cvaccination\u201d approach that exposes models to undesirable traits during training to build resilience.<\/p>\n\n\n\n The timing also reflects the intense competition in the AI space. Anthropic released Claude Opus 4.1 on Tuesday, with the company claiming significant improvements in software engineering tasks\u2014scoring 74.5% on the SWE-Bench Verified coding evaluation, compared to 72.5% for the previous Claude Opus 4 model.<\/p>\n\n\n\n Meanwhile, Meta has been aggressively recruiting AI talent with massive signing bonuses, though Anthropic CEO Dario Amodei recently stated that many of his employees have turned down these offers. The company maintains an 80% retention rate for employees hired over the last two years, compared to 67% at OpenAI and 64% at Meta.<\/p>\n\n\n\n The security features represent part of Anthropic\u2019s broader push into enterprise markets. Over the past month, the company has shipped multiple enterprise-focused features for Claude Code, including analytics dashboards for administrators, native Windows support, and multi-directory support.<\/p>\n\n\n\n The U.S. government has also endorsed Anthropic\u2019s enterprise credentials, adding the company to the General Services Administration\u2019s approved vendor list alongside OpenAI and Google, making Claude available for federal agency procurement.<\/p>\n\n\n\n Graham emphasized that the security tools are designed to complement, not replace, existing security practices. \u201cThere\u2019s no one thing that\u2019s going to solve the problem. This is just one additional tool,\u201d he said. However, he expressed confidence that AI-powered security tools will play an increasingly central role as code generation accelerates.<\/p>\n\n\n\n As AI reshapes software development at an unprecedented pace, Anthropic\u2019s security initiative represents a critical recognition that the same technology driving explosive growth in code generation must also be harnessed to keep that code secure. Graham\u2019s team, called the frontier red team, focuses on identifying potential risks from advanced AI capabilities and building appropriate defenses.<\/p>\n\n\n\n \u201cWe have always been extremely committed to measuring the cybersecurity capabilities of models, and I think it\u2019s time that defenses should increasingly exist in the world,\u201d Graham said. The company is particularly encouraging cybersecurity firms and independent researchers to experiment with creative applications of the technology, with an ambitious goal of using AI to \u201creview and preventatively patch or make more secure all of the most important software that powers the infrastructure in the world.\u201d<\/p>\n\n\n\n The security features are available immediately to all Claude Code users, with the GitHub Action requiring one-time configuration by development teams. But the bigger question looming over the industry remains: Can AI-powered defenses scale fast enough to match the exponential growth in AI-generated vulnerabilities?<\/p>\n\n\n\n For now, at least, the machines are racing to fix what other machines might break.<\/p>\n Daily insights on business use cases with VB Daily<\/strong><\/p>\n If you want to impress your boss, VB Daily has you covered. We give you the inside scoop on what companies are doing with generative AI, from regulatory shifts to practical deployments, so you can share insights for maximum ROI.<\/p>\n \n\t\t\t\t\tThanks for subscribing. Check out more VB newsletters here.\n\t\t\t\t<\/p>\n An error occured.<\/p>\n<\/p><\/div>\n
\n<\/div>
\n\n\n\n\n
\n<\/div>Why AI code generation is creating a massive security problem<\/h2>\n\n\n\n
\/security-review<\/code> command that developers can run from their terminal to scan code before committing it. \u201cIt\u2019s literally 10 keystrokes, and then it\u2019ll set off a Claude agent to review the code that you\u2019re writing or your repository,\u201d Graham explained. The system analyzes code and returns high-confidence vulnerability assessments along with suggested fixes.<\/p>\n\n\n\nHow Anthropic tested the security scanner on its own vulnerable code<\/h2>\n\n\n\n
Inside the AI architecture that scans millions of lines of code<\/h2>\n\n\n\n
The $100 million talent war reshaping AI security development<\/h2>\n\n\n\n
Government agencies can now buy Claude as enterprise AI adoption accelerates<\/h2>\n\n\n\n
The race to secure AI-generated software before it breaks the internet<\/h2>\n\n\n\n
![\"\"\/](\"https:\/\/venturebeat.com\/wp-content\/themes\/vb-news\/brand\/img\/vb-daily-phone.png\")
\n\t\t\t\t<\/div>\n<\/p><\/div>\n<\/div>\t\t\t<\/div>\r\n