Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning - The Hacker News

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning Ravie LakshmananFeb 21, 2026Artificial Intelligence / DevSecOps Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user's software codebase for vulnerabilities and suggest patches. The capability, called Claude Code Security, is currently available in a limited research preview to Enterprise and Team customers. "It scans codebases for security vulnerabilities and suggests targeted software patches for human review, allowing teams to find and fix security issues that traditional methods often miss," the company said in a Friday announcement. Anthropic said the feature aims to leverage AI as a tool to help find and resolve vulnerabilities to counter attacks where threat actors weaponize the same tools to automate vulnerability discovery.  With AI agents increasingly capable of detecting security vulnerabilities that have otherwise escaped human notice, the tech upstart said the same capabilities could be used by adversaries to uncover exploitable weaknesses more quickly than before. Claude Code Security, it added, is designed to counter this kind of AI-enabled attack by giving defenders an advantage and improving the security baseline. Anthropic claimed that Claude Code Security goes beyond static analysis and scanning for known patterns by reasoning the codebase like a human security researcher, as well as understanding how various components interact, tracing data flows throughout the application, and flagging vulnerabilities that may be missed by rule-based tools. Each of the identified vulnerabilities is then subjected to what it says is a "multi-stage verification process" where the results are re-analyzed to filter out false positives. The vulnerabilities are also assigned a severity rating to help teams focus on the most important ones. The final results are displayed to the analyst in the Claude Code Security dashboard, where teams can review the code and the suggested patches and approve them. Anthropic also emphasized that the system's decision-making is driven by a human-in-the-loop (HITL) approach. "Because these issues often involve nuances that are difficult to assess from source code alone, Claude also provides a confidence rating for each finding," Anthropic said. "Nothing is applied without human approval: Claude Code Security identifies problems and suggests solutions, but developers always make the call." Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  Application Security, artificial intelligence, cybersecurity, DevSecOps, enterprise security, secure coding, software development, threat detection, Vulnerability Trending News Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine and More Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities 149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues ⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack and Vibe-Coded Malware APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication Load More ▼ Popular Resources Self-Hosted WAF: Block SQLi, XSS, and Bots Before They Reach Your Apps 19,053 Confirmed Breaches in 2025 – Key Trends and Predictions for 2026 Identity Controls Checklist: Find Missing Protections in Apps Read CYBER360 2026: From Zero Trust Limits to Data-Centric Security Paths