Claude’s New AI Vulnerability Scanner Sends Cybersecurity Shares Plunging - SecurityWeek

The stocks of major cybersecurity companies have fallen sharply after AI firm Anthropic unveiled a new security capability for its Claude LLM.  Anthropic announced on Friday that its AI-powered coding assistant Claude Code is being enhanced with a new capability designed for finding vulnerabilities. The new capability is named Claude Code Security and it’s currently available in limited preview to Enterprise and Team customers. It’s designed to scan code for vulnerabilities and suggest patches. Developers can review the patch suggestions and decide whether they want to apply them. Similar tools have been available for some time. GitHub has been offering AI-powered vulnerability remediation capabilities for years, and Google has also been making significant progress in this area. While the new Claude capability is limited to finding vulnerabilities in code, the markets reacted to the announcement and the shares of major cybersecurity companies fell over fears that AI could replace their solutions.  Broader software stocks have faced pressure in recent weeks amid AI disruption concerns, and cybersecurity firms are now experiencing similar volatility. The stock of major companies such as CrowdStrike (NASDAQ: CRWD), Cloudflare (NYSE: NET), Okta (NASDAQ: OKTA), Zscaler (NASDAQ: ZS), Tenable (NASDAQ: TENB), Sailpoint (NASDAQ: SAIL), SentinelOne (NYSE: S), Fortinet (NASDAQ: FTNT), JFrog (NASDAQ: FROG), and Palo Alto Networks (NASDAQ: PANW) plunged in response to Anthropic’s announcement, in some cases more than 10%, erasing billions in market capitalization.  By Tuesday, some companies saw partial recoveries, while others remained lower as of Tuesday’s close. Cybersecurity industry responds The cybersecurity industry is downplaying fears that AI could replace existing solutions or entire categories of tools, arguing that AI is an ally rather than a threat. Just days before the Claude announcement and the stock dive, Palo Alto Networks CEO Nikesh Arora said in an earnings call that AI will not replace cybersecurity products anytime soon. Arora said he is “confused” regarding why the market would treat AI as a threat to cybersecurity.  CrowdStrike CEO George Kurtz responded to the Claude announcement, highlighting that when asked about it even Anthropic’s AI says the new security tool is not meant to replace CrowdStrike solutions, and that it would be very difficult for AI to replicate all the work that has gone into developing CrowdStrike products. “AI is powerful. It’s transformative. And it absolutely makes security better. But AI doesn’t eliminate the need for security. It increases it,” Kurtz said, adding, “If you want to build AI, you need GPUs. If you want to deploy AI, you need security. That’s not a hallucination – it’s a fact.” Glenn Weinstein, CEO of software artifact management platform Cloudsmith, told SecurityWeek that while the new Claude security tool is a welcome addition to developers’ toolset, it’s designed to complement existing security application testing tools, not replace them. Weinstein also noted, “The vast majority of code running in production is typically sourced from third-party binaries, not code you or your AI agents wrote in-house.” Guy Flechter, CEO and co‑founder of Sola Security, which provides an AI platform for security teams, commented, “Friday’s market reaction to Anthropic’s announcement says more about how powerful AI has become than about the collapse of the security stack.” “Claude Code Security doesn’t replace your endpoint, identity, or cloud platforms, it starts to change the state of mind of how you can do security and replaces the manual glue work between them,” Flechter told SecurityWeek.  “For years, security teams have relied on big solutions and humans to stitch together posture reviews, identity audits, compliance evidence, and cross-tool investigations across multiple consoles. AI is now strong enough to take on that burden. That’s not disruption for disruption’s sake, it’s long overdue evolution for the entire security industry,” he added. Joe Silva, CEO of vulnerability management firm Spektion, believes this moment represents a fundamental shift in application security that goes beyond tooling, and challenges the core assumptions of how defenders and attackers operate. “Think of this as the ultimate red-team tool and one that can reason about code like a seasoned analyst, not just match patterns. That’s powerful and it’s exactly why this announcement is sending ripples through the cybersecurity market,” Silva said.  “However, don’t mistake this for a plateau,” Silva added. “In adversarial environments, capabilities are symmetrical but speed to operationalize is asymmetrical in favor of attackers. The very AI skills defenders laud today will be weaponized by attackers tomorrow to find unpredictable vectors, to pivot at machine speed, to uncover dangers static tools never even dreamed of.” Related: Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs Related: Cybersecurity Firms React to China’s Reported Software Ban WRITTEN BY Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs US Confirms Handala Link to Iran Government Amid Takedown of Hackers’ Sites Aisuru and Kimwolf DDoS Botnets Disrupted in International Operation Marquis Data Breach Affects 672,000 Individuals CISA Warns of Attacks Exploiting Recent SharePoint Vulnerability Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks Iranian Hackers Likely Used Malware-Stolen Credentials in Stryker Breach Researcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t Patch UK Companies House Exposed Details of Millions of Firms  Latest News RSAC 2026 Conference Announcements Summary (Pre-Event) M-Trends 2026: Initial Access Handoff Shrinks From Hours to 22 Seconds Chip Services Firm Trio-Tech Says Subsidiary Hit by Ransomware  Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack QNAP Patches Four Vulnerabilities Exploited at Pwn2Own  Tycoon 2FA Fully Operational Despite Law Enforcement Takedown Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability Critical Quest KACE Vulnerability Potentially Exploited in Attacks Trending Webinar: Securing Fragile OT In An Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the Move 7AI has appointed Israel Barak as its first Chief Information Security Officer. Brian Harrell has been appointed Chief Security Officer at FirstEnergy. eSentire has named James C. Foster as Chief Executive Officer. More People On The Move Expert Insights The Human IOC: Why Security Professionals Struggle With Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How To 10x Your Vulnerability Management Program In The Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose A Critical Flaw In Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat As Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How To Eliminate The Technical Debt Of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Flipboard Reddit Whatsapp Email