Zach Anderson
Feb 20, 2026 18:35
Anthropic’s new Claude Code Safety instrument discovered 500+ vulnerabilities in open-source tasks. Enterprise and open-source maintainers can apply for early entry.
Anthropic unveiled Claude Code Safety on February 20, a brand new AI-powered vulnerability scanner that reportedly found over 500 safety flaws in manufacturing open-source codebases—bugs that evaded detection for many years regardless of skilled assessment. The instrument is now out there in restricted analysis preview for Enterprise and Staff clients, with expedited free entry for open-source maintainers.
The announcement marks a major enlargement of Anthropic’s safety tooling. Again in August 2025, the corporate added fundamental safety assessment options to Claude Code, together with terminal-based scanning and automatic GitHub pull request evaluations. This new launch goes significantly additional.
How It Differs From Conventional Scanners
Most safety evaluation instruments depend on sample matching—they flag identified vulnerability signatures like uncovered credentials or outdated encryption. Claude Code Safety takes a special strategy, in response to Anthropic. As a substitute of scanning for predetermined patterns, it reads code contextually, tracing information circulation and analyzing how elements work together.
Consider it just like the distinction between spell-check and having an editor learn your work. The previous catches apparent errors; the latter understands what you are truly attempting to say.
The system runs findings via multi-stage verification earlier than surfacing them to analysts. Claude primarily argues with itself, trying to disprove its personal discoveries to filter false positives. Every validated discovering will get a severity ranking and confidence rating, with steered patches prepared for human assessment.
Nothing ships robotically. Builders approve each repair.
The Offensive-Defensive Arms Race
Here is the uncomfortable actuality Anthropic is acknowledging: the identical AI capabilities that assist defenders discover vulnerabilities can assist attackers exploit them. The corporate’s Frontier Crimson Staff has been testing Claude’s offensive and defensive capabilities via aggressive capture-the-flag occasions and important infrastructure protection experiments with Pacific Northwest Nationwide Laboratory.
Their latest analysis demonstrated Claude can detect novel, high-severity vulnerabilities—the type of zero-days that command premium costs on exploit markets. By releasing Claude Code Safety, Anthropic is betting that giving defenders these instruments first creates a web safety profit.
“Attackers will use AI to search out exploitable weaknesses quicker than ever,” the corporate said. “However defenders who transfer shortly can discover those self same weaknesses, patch them, and cut back the chance of an assault.”
What This Means for Builders
For crypto tasks and DeFi protocols—the place a single sensible contract vulnerability can drain hundreds of thousands—this sort of tooling may show useful. The five hundred+ vulnerabilities Anthropic claims to have discovered are presently going via accountable disclosure with maintainers.
The instrument builds on Claude Code’s current permission-based structure, which defaults to read-only entry and requires specific approval for file edits or command execution. Enterprise customers can combine findings into current workflows because it runs inside Claude Code’s commonplace interface.
Open-source maintainers can apply totally free entry at claude.com/contact-sales/safety. Given the frequency of provide chain assaults focusing on widely-used packages, smaller tasks that lack devoted safety groups may profit most.
Whether or not Claude Code Safety lives as much as its billing stays to be seen. However with AI-assisted code technology accelerating improvement velocity throughout the business, AI-assisted safety assessment was in all probability inevitable.
Picture supply: Shutterstock
