CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 27, 2026

Anthropic Releases Free Security Plugin for Claude Code Terminal to Detect Vulnerabilities

Cybersecurity News Archived May 27, 2026 ✓ Full text saved

Anthropic has launched a security-guidance plugin for its Claude Code terminal tool that autonomously reviews code edits, model outputs, and commits in real time to catch vulnerabilities before they reach production. The plugin is free for all users and available on all plans, marking a significant step toward shifting security left in the AI-assisted development […] The post Anthropic Releases Free Security Plugin for Claude Code Terminal to Detect Vulnerabilities appeared first on Cyber Securi

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security Anthropic Releases Free Security Plugin for Claude Code Terminal to Detect Vulnerabilities By Guru Baran May 27, 2026 Anthropic has launched a security-guidance plugin for its Claude Code terminal tool that autonomously reviews code edits, model outputs, and commits in real time to catch vulnerabilities before they reach production. The plugin is free for all users and available on all plans, marking a significant step toward shifting security left in the AI-assisted development workflow. Three-Layer Defense Built Into Claude Code The security-guidance plugin operates across three distinct review checkpoints, each designed to catch threats at different stages of the coding session. On every file edit, the plugin runs a fast, deterministic pattern match with no model call that flags dangerous constructs like eval(), new Function(), os.system(), child_process.exec(), pickle deserialization, and DOM injection vectors such as dangerouslySetInnerHTML and .innerHTML=. Because this layer requires no AI inference, it adds zero usage cost. At the end of each conversational turn, a background Claude model, separate from the one writing the code, reviews the full git diff of all changes made during that session. This reviewer starts from a fresh context with no investment in the original approach, catching logic-level vulnerabilities that string matching cannot detect, including authorization bypass, insecure direct object references, server-side request forgery, and weak cryptography. WE’VE SHIPPED A SECURITY-GUIDANCE PLUGIN FOR CLAUDE CODE THAT HELPS IDENTIFY AND FIX VULNERABILITIES AS YOU’RE WRITING CODE. AVAILABLE FOR ALL CLAUDE CODE USERS. INSTALL FROM THE PLUGIN MARKETPLACE (/PLUGINS). PIC.TWITTER.COM/LPRGC4M6KF — ClaudeDevs (@ClaudeDevs) May 26, 2026 When Claude commits or pushes via its Bash tool, a deeper agentic review reads surrounding callers, sanitizers, and related files to minimize false positives. Internal testing showed the plugin cut security-related comments on pull requests by 30–40%, acting as an in-session companion to Claude Code’s existing pull request Code Review feature. The plugin is powered by Claude Opus 4.7 by default for both the end-of-turn and commit reviews, though developers can configure alternative models via the SECURITY_REVIEW_MODEL and SG_AGENTIC_MODEL environment variables. Industry leaders have praised the approach. Executives including J.P. Morgan’s Shalini Goyal highlighted the value of embedding security guidance directly into the coding session rather than relying on downstream review cycles. Installation and Customization Installing the plugin takes a single command inside a Claude Code session: text/plugin install security-guidance@claude-plugins-official /reload-plugins Developers can extend the plugin’s behavior via two repo-level files — a .claude/claude-security-guidance.md file for plain-language threat model rules fed to the model reviewers, and a .claude/security-patterns.yaml file for custom regex or substring patterns applied to the per-edit check. Organizations can enforce the plugin across all team members by declaring it in .claude/settings.json, and administrators can push it organization-wide through managed settings. The plugin requires Claude Code CLI version 2.1.144 or later and Python 3.8+ on the system PATH. On first run, it creates a virtual environment under ~/.claude/security/ and installs the Claude Agent SDK for agentic commit reviews. An open-sourced reference repository on GitHub anthropics/claude-code-security-review demonstrates agents autonomously hunting and patching issues, supporting SQL injection, XSS, RCE via deserialization, insecure direct object references, and hardcoded credential detection. The plugin is explicitly positioned as one layer of defense in depth, not a complete security solution, and does not block writes or commits — findings are surfaced as instructions for Claude to resolve within the same session. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News Critical Memcached SASL Vulnerability Let Attackers Infer Valid Usernames Nginx-poolslip Vulnerability Enables DoS and Code Execution Attacks — Patch Now! Italian Authorities Dismantled CINEMAGOAL App that Enables Access to Various Streaming Platforms Hackers Exploit F5 BIG-IP Appliance to Gain SSH Access and Pivot Into Enterprise Linux Networks Hackers Compromised 233 Versions of Laravel-Lang Packages by Hacking 700 GitHub Repos Latest News ANY.RUN How Tier 1 Can Process Alerts 3x Faster with Threat Intelligence Cyber Security News Quasar Linux RAT Targets Developers With Fileless Execution and eBPF Rootkit Cyber Security News China-Linked Hackers Target Southeast Asian Edge Routers With Custom Linux Implant Cyber Security Microsoft Defender Now Automatically Isolates Compromised Devices to Stop Ransomware Cyber Security Microsoft SharePoint Server Vulnerability Enables Remote Code Execution Attacks
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    May 27, 2026
    Archived
    May 27, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗