Anthropic Launches Claude Code Security Research Preview for Defensive Teams

Anthropic introduces Claude Code Security in research preview

Anthropic announced on February 20, 2026 that Claude Code Security is available in a limited research preview. The capability is built into Claude Code on the web and is designed to scan codebases for vulnerabilities, then propose targeted software patches for human review.

The announcement frames a familiar problem for security teams: vulnerability volume is rising while expert review capacity is constrained. Rule-based static analysis still catches common issues, but it can miss context-heavy flaws such as business-logic bugs and access-control failures.

From pattern matching to code reasoning

According to Anthropic, the system is intended to reason over code structure more like a human security researcher: tracking component interactions, following data flows, and surfacing issues that simple signature matching may overlook. Findings are not passed through as-is. Anthropic says each result is re-evaluated through a multi-stage verification process that attempts to confirm or disprove the model’s own finding before analyst review.

Operationally, the workflow is explicitly human-in-the-loop. Findings are presented in a dashboard with severity and confidence indicators, and suggested fixes require human approval. In other words, the model assists triage and patch drafting, but developers retain final control over changes.

Who gets access first

Anthropic says the rollout starts with Enterprise and Team customers, with expedited access for maintainers of open-source repositories. That release pattern reflects the dual-use nature of cyber capabilities: techniques that help defenders can also be useful to attackers if deployed without safeguards.

The post also links this launch to ongoing internal cyber research. Anthropic’s Frontier Red Team reports CTF testing, critical infrastructure defense experiments, and continued vulnerability triage. The company states that, using Claude Opus 4.6, its team identified more than 500 vulnerabilities in production open-source codebases and is handling disclosure with maintainers.

Community signal from Hacker News

The story was discussed on Hacker News (HN #47091469), where it had 128 points and 59 comments at crawl time. Community discussion focused on false-positive control, disclosure discipline, and whether AI-assisted findings can be integrated into existing secure SDLC pipelines without overwhelming security teams.

Overall, this launch suggests a shift from AI as a coding assistant to AI as a practical security co-analyst. The next milestone will be less about headline capability and more about measurable reduction in triage time and patch quality in real production workflows.

Sources: Anthropic announcement, Hacker News discussion