Claude Security: Anthropic launches vulnerability scanner for businesses
Anthropic sends Claude Security into public beta. It scans code for vulnerabilities, suggests patches, and aims for strict security.
No Thursday without a new language model: Anthropic opens the beta test for Claude Security. The product, specialized in Artificial Intelligence, is designed to scan source code for vulnerabilities and suggest targeted patches for human review. It is available immediately to all Claude Enterprise customers – accessible directly via the Claude.ai sidebar or at claude.ai/security. An expansion to Team and Max customers is planned. At the core of the offering, according to Anthropic, is the recently released language model Claude Opus 4.7.
Claude Security – formerly Claude Code Security – has been tested by hundreds of companies in a limited research preview over the past two months, according to the company. Based on feedback, scheduled and targeted scans, better integration into audit systems, and improved tracking of findings have been added. Neither API integration nor custom agent development is necessary: anyone already using Claude can get started immediately, Anthropic writes.
The model is said to analyze code not by pattern matching, but by understanding interactions between components across files and modules and tracking data flows – much as an experienced security researcher would, as Anthropic describes the process. For each finding, Claude Security provides an explanation with a confidence score, severity, likely impact, and reproduction path. Found vulnerabilities can be fixed directly in Claude Code on the web. Results can be exported as CSV or Markdown or forwarded via webhook to Slack, Jira, and other tools.
According to the operator, companies from the early testing phase report going from scan to finished patch in a single session – instead of days of back-and-forth between security and development teams. Among the technology partners looking to integrate Opus 4.7 into their platforms are CrowdStrike, Microsoft Security, Palo Alto Networks, SentinelOne, TrendAI, and Wiz. Consulting firms such as Accenture, BCG, Deloitte, Infosys, and PwC are said to support companies in their implementation.
Deliberately throttled? Claude 4.6 more hesitant with exploit questions
If you asked Claude Opus 4.6 about security vulnerabilities in recent weeks, you received a gentle refusal.
Anyone who has recently asked Claude Opus 4.6 about exploits or vulnerability details may have noticed increasing reluctance – this is likely no coincidence. In the fine print for Claude Security, Anthropic writes that Opus 4.7 is equipped with new safeguards designed to automatically detect and block requests related to prohibited or high-risk security applications. Organizations legitimately working in this area may qualify for a “Cyber Verification Program,” the company states.
Mythos remains exclusive – and politically explosive
Claude Security is the broad offering; the more powerful model “Mythos” remains just that for most: a myth. In early April, Anthropic introduced Mythos Preview, an AI model that, according to the company's own statements, is so dangerous that it should not be made publicly accessible. Under “Project Glasswing,” only about 40 selected critical infrastructure companies – including Apple, AWS, Cisco, Google, Microsoft, and Nvidia – currently have access to search their systems for vulnerabilities.
Anthropic's plan to expand this circle to around 70 more companies is now encountering political resistance. According to a report by the Wall Street Journal, the White House has informed the company that it opposes the expansion. Security concerns are cited as reasons, as well as the worry that Anthropic may simply not have enough computing capacity to serve so many users without affecting the US government's own usage.
Mythos is also causing nervousness in Germany. BSI President Claudia Plattner already stated shortly after its introduction that she expects “upheavals in the handling of security vulnerabilities and in the overall vulnerability landscape.” She questioned whether such powerful tools will even be available on the open market in the medium term.
Specialization as a strategy
Claude Security fits into a discernible product strategy: after Claude Code for software development and Claude Design for creative tasks, the security product now follows. The entire industry is moving in this direction of specialization. OpenAI presented GPT-5.5 last week, which also focuses heavily on agentic work – and already announced GPT-5.4-Cyber in mid-April, a variant with relaxed security restrictions for verified security researchers. As a European alternative, the French company Mistral presented Mistral Medium 3.5 – an open-weights model with the selling points of data sovereignty and self-hosting.
(vza)