
Artificial intelligence (AI) company Anthropic has begun rolling out new security features in Claude Code that can scan users’ software codebases to find vulnerabilities and suggest patches.
This feature, called Claude Code Security, is currently available in limited research preview for Enterprise and Team customers.
“By scanning codebases for security vulnerabilities and recommending targeted software patches for human review, we enable teams to find and fix security issues that would otherwise be missed using traditional methods,” the company said in an announcement Friday.
According to Anthropic, the feature aims to use AI to help discover and resolve vulnerabilities, countering attacks in which threat actors arm themselves with the same tools to automate vulnerability discovery.
Now that AI agents can detect security vulnerabilities that have eluded humans, adversaries may be able to leverage the same capabilities to find exploitable weaknesses faster than before, the technology startup said. Claude Code Security is designed to counter these types of AI-powered attacks by giving defenders an edge and improving security baselines, the company added.

Anthropic claimed that Claude Code Security goes beyond static analysis and scanning for known patterns by not only reasoning through the codebase like a human security researcher, but understanding how different components interact, tracing data flows throughout an application, and flagging vulnerabilities that might be missed by rules-based tools.
Each identified vulnerability goes through what the company calls a multi-step validation process, in which results are re-analyzed to eliminate false positives. Vulnerabilities are also assigned severity ratings, allowing teams to focus on the most important ones.
The final results are visible to analysts on the Claude Code Security dashboard, where teams can review and approve code and proposed patches. Anthropic also emphasized that the system's decision-making follows a human-in-the-loop (HITL) approach.
“Since these issues often contain nuances that are difficult to assess from the source code alone, Claude also provides confidence ratings for each finding,” Anthropic said. “Nothing is applied without human approval. Claude Code Security identifies problems and suggests solutions, but it’s always the developer who makes the call.”
