Anthropic launches Claude Code Security – Cybersecurity stocks lose value
Anthropic's AI tool Claude Code Security analyzes code contextually rather than based on rules. The stock market reacts nervously, with share prices falling.
(Image: tadamichi/Shutterstock.com)
Anthropic has introduced “Claude Code Security,” a new feature integrated directly into the web-based version of Claude Code. The tool scans codebases for security vulnerabilities and suggests targeted software patches for human review, as the company announced on its website. The feature is initially available as a limited research preview for enterprise and team customers. Maintainers of open-source projects can apply for free and expedited access.
According to Anthropic's announcement, the tool aims to address a fundamental problem in IT security: there are too many software vulnerabilities and too few experts to deal with them. While many analysis tools focus on finding known patterns, attackers are increasingly exploiting subtle, context-dependent security flaws.
Context-based analysis instead of pattern matching
According to Anthropic, widespread static code analysis works on a rule-based system: it compares code against known vulnerability patterns, finding things like exposed passwords or outdated encryption. However, more complex errors – such as those in business logic or access controls – often remain undetected.
Claude Code Security takes a different approach: instead of searching for known patterns, the AI reads and analyzes the code as a human security officer would. The system examines how components interact and how data flows through an application. Every finding undergoes a multi-stage verification process. According to Anthropic's announcement, Claude also reviews its own results, attempts to confirm or refute them, and filters out false positives. The system then assigns severity and confidence scores to the remaining findings.
The validated results are provided in a dashboard where security teams can review and approve proposed patches. Nothing is applied without human consent – the final decision always rests with the developers, Anthropic officials emphasize.
Videos by heise
Over 500 vulnerabilities found in open-source projects
Anthropic presents Claude Code Security as the result of more than a year of research. The in-house Frontier Red Team has systematically tested Claude's cybersecurity capabilities, including in capture-the-flag competitions and in partnership with the Pacific Northwest National Laboratory to protect critical infrastructure.
With the Claude Opus 4.6 model released at the beginning of the month, the team claims to have found over 500 vulnerabilities in production open-source codebases – errors that remained undiscovered despite decades of expert reviews. Disclosure to the respective maintainers is currently ongoing. The company also uses Claude to review its own code and has classified the tool as “extremely effective” in this regard. Claude Code Security is now intended to make these capabilities accessible to a broader user base.
In this context, however, Anthropic admits that the same capabilities that help defenders could also benefit attackers. Claude Code Security is specifically intended to help defenders protect code against a “new category of AI-powered attacks.”
Cybersecurity stock prices plummet
The announcement had an immediate impact on the stock market. According to Bloomberg, share prices of numerous cybersecurity companies fell significantly on February 20, 2026. For example, CrowdStrike shares lost 8 percent, Cloudflare 8.1 percent, Zscaler 5.5 percent, SailPoint 9.4 percent, and Okta 9.2 percent. The Global X Cybersecurity ETF fell by 4.9 percent, closing at its lowest level since November 2023.
According to Bloomberg, the sell-off is part of a broader trend: the iShares Expanded Tech-Software Sector ETF has lost about 23 percent since the beginning of the year and is heading for its largest quarterly percentage decline since the 2008 financial crisis. Many investors fear that the possibility of so-called “vibe coding” – AI-assisted software development – could reduce demand for established software products and put pressure on providers' growth, margins, and pricing.
Analysts: Short-term headwinds, long-term opportunities
“There's a steady sell-off in software, and today the security sector is hit with a mini-flash crash on a headline,” said Dennis Dick, Head Trader at Triple D Trading, told Bloomberg. “This kind of market is scary for investors because prices relentlessly go down as soon as there's even a hint of disruption.”
However, Jefferies analyst Joseph Gallo expects the cybersecurity sector to ultimately be a net beneficiary of AI, according to Bloomberg. Nevertheless, setbacks due to “headlines” are likely to intensify before clarity emerges and the safeguarding of AI systems itself becomes a growth driver for the industry. The medium- to long-term implications of Anthropic's announcement are that AI providers will bring more products to market and compete for additional cybersecurity budgets.
In recent months, Anthropic has continuously expanded Claude's capabilities – from the release of Claude Sonnet 4.6 with a context window of one million tokens to the provision of Claude Code as a web-based platform. Meanwhile, the departure of a senior IT security researcher at Anthropic fuels concerns about the increasing use of AI and the dangers of its misuse.
(map)
