AI อะไรเนี่ย

Claude Code Security: AI that finds and patches vulnerabilities like a human researcher

Claude Code Security is a new capability built into Claude Code on the web. It scans codebases for security vulnerabilities and suggests targeted patches for human review—so teams can find and fix issues that traditional, rule-based tools often miss. It’s available now in a limited research preview for Enterprise and Team customers, with expedited access for open-source maintainers.

What it does

Claude Code Security reads and reasons about your code the way a human security researcher would: it understands how components interact, traces how data moves through your application, and surfaces complex vulnerabilities—flaws in business logic, broken access control, and other context-dependent bugs—that static analysis rules typically don’t catch. Every finding goes through a multi-stage verification process so Claude can try to prove or disprove its own results and cut down false positives. You get severity ratings (so you can prioritize) and confidence ratings (so you know how much to trust each finding). Everything shows up in a dashboard where your team can review suggested patches and approve fixes. Nothing is applied automatically: Claude identifies problems and proposes solutions; developers always make the call.

Why it matters

  • Too many vulns, not enough people — Security teams are drowning in backlogs. Rule-based tools help with known patterns (exposed secrets, outdated crypto) but miss the subtle, novel issues that attackers actually exploit. Claude Code Security aims to extend what defenders can do without scaling headcount.
  • Defenders get the same edge as attackers — AI is already being used to find exploitable weaknesses faster. This tool is built to put that capability in defenders’ hands: find the same bugs first, patch them, and raise the baseline for everyone.
  • Fits into the workflow you already use — Because it’s built on Claude Code, you review findings and iterate on fixes inside the same environment. No context switching, no “export to another tool” dance.

Anthropic has been stress-testing these abilities for over a year—including competitive Capture-the-Flag events and work with Pacific Northwest National Laboratory on critical infrastructure defense. With Claude Opus 4.6, their team found over 500 vulnerabilities in production open-source codebases—bugs that had gone undetected for years. Claude Code Security is the productized version of that research, aimed at making the same defensive power available to more teams.

How to try it

Access is currently limited. Enterprise and Team customers can join the research preview and work directly with Anthropic to refine the tool. Open-source maintainers can apply for free, expedited access. There’s no general signup yet—they’re rolling it out carefully so the capability is deployed responsibly.

Try it: Apply for Claude Code Security access or read more at claude.com/solutions/claude-code-security.