Anthropic Launches Claude Code Security — AI Finds 500+ Bugs, Rattles Cybersecurity Stocks
Anthropic announced Claude Code Security on February 20, 2026, as a limited research preview built directly into Claude Code on the web. The tool autonomously scans codebases for security vulnerabilities and suggests patches for human review. Shares of major cybersecurity software companies fell sharply on the day of the announcement.
How It Works
Unlike rule-based static analysis tools, Claude Code Security reasons through code the way a human security researcher would—understanding component interactions, tracing data flows throughout the application, and flagging vulnerabilities that pattern-matching tools miss. Findings undergo a multi-stage verification process that filters false positives and assigns severity ratings. Critically, nothing is applied automatically: developers always make the final call.
Results
Using Claude Opus 4.6, Anthropic's team discovered over 500 vulnerabilities in production open-source codebases—bugs that had gone undetected for decades despite years of expert review. Open-source repository maintainers can apply for expedited access.
Availability
The tool is currently a limited research preview for Enterprise and Team customers. The human-in-the-loop design ensures Claude Code Security identifies problems and proposes solutions, but developers retain full control over what gets patched.
Source: Anthropic Official Announcement