Skip to content

466M lines in 20 hours: Claude Code becomes Alberta security infrastructure

Original: Government of Alberta uses Claude to find and fix cybersecurity vulnerabilities across government systems View original →

Read in other languages: 한국어日本語
LLM Jul 7, 2026 By Insights AI 2 min read 1 views Source

Alberta has turned coding agents into a government security tool, not just a faster way to write application code. The province says its Ministry of Technology and Innovation used Claude Code with Opus and Sonnet models to scan 466 million lines of code in about 20 hours, across systems that support all 27 provincial ministries.

The scale is the point. According to Anthropic's case study, the review covered about 1,280 applications and 3,400 repositories, including systems tied to social services, public safety, wildfire response, tax records, procurement data, and case files. Alberta says much of that estate had never gone through a systematic security review, a familiar problem for large public agencies running decades of inherited software.

The workflow used around 50 agents in parallel. A first stage used rules to flag known vulnerability patterns, while a second stage had Claude review the findings and cite specific files and lines so engineers could verify them. Alberta estimates the same work would have taken about 6.5 years through a conventional review process. That number should be read as an internal estimate, but it shows how aggressively governments are starting to measure agent systems against legacy modernization backlogs.

The project did not stop at reporting findings. Where a vulnerability could be patched, Claude Code generated fixes, tests, and builds for human review. Where older systems were hard to repair, Alberta says the tool helped rebuild some applications in more modern languages. One example was a subsidy program portal originally hand-coded in Java roughly 25 years ago; the ministry says similar systems could be rebuilt in four to five days.

The most durable part may be the operational model. Alberta built red-team and blue-team review agents that run throughout development, checking applications against roughly 95 security controls on each pass. The province is also using the Alberta AI Academy to train government workers and the public, with more than 10,000 public participants cited by Anthropic.

This is still a vendor-authored case study, so the missing piece is independent measurement: false positives, missed vulnerabilities, post-deployment incident rates, and the cost of review. Even so, the deployment is a useful marker. Coding agents are starting to enter the same budget conversation as vulnerability scanners, modernization contractors, and application security teams.

Share: Long

Related Articles