Claude Code Security launches to catch tricky, context-based vulnerabilities

Anthropic has just rolled out Claude Code Security, bringing AI-driven code scanning to Claude Code on the web. It traces data flow, re-verifies findings to cut false positives, and suggests fixes with severity and confidence ratings for human review.

TL;DR

  • Limited research preview: Claude Code Security inside Claude Code on the web for vulnerability detection and draft fixes
  • Reasoning over rules: Targets context-dependent flaws like business logic issues and broken access control via data-flow tracing
  • Multi-stage verification: Claude re-checks findings to reduce false positives before analyst review
  • Dashboard triage: Severity and confidence ratings, plus suggested patches for human review
  • No auto-remediation: Fixes are proposed and explained; approval remains with security and engineering reviewers
  • Available Feb 20, 2026 for Enterprise and Team customers; expedited access for open-source maintainers via https://claude.com/contact-sales/security

Anthropic’s Claude Code Security is now available as a limited research preview inside Claude Code on the web, aiming to help security and engineering teams spot vulnerabilities and draft fixes that can slip past traditional tooling. The release is positioned around a familiar pain point for defenders: sprawling backlogs, limited staff time, and an ecosystem where many automated scanners still primarily catch what they already “know” how to look for.

Moving past pattern-matching static analysis

Traditional static analysis is often rule-driven—effective at flagging common mistakes like exposed secrets or weak cryptography choices, but less reliable when weaknesses are context-dependent, tied to business logic, or rooted in broken access control. Claude Code Security’s approach is described differently: it attempts to read and reason through a codebase more like a human security researcher, mapping how components interact and tracing data flow through an application to surface higher-order issues.

That framing matters, because many real-world security failures aren’t isolated one-liners; they’re emergent properties of how code paths, permissions, and assumptions compose.

Verification stages, severity, and confidence—before a human ever hits “approve”

A key detail is the multi-stage verification process applied to each finding before it appears for analyst review. Claude re-checks its own work, attempting to prove or disprove flagged issues to reduce false positives. Findings are then surfaced in a dashboard with:

  • Severity ratings, helping teams prioritize remediation work
  • Confidence ratings, acknowledging that source code alone may not fully capture runtime or environment nuance
  • Suggested patches, presented specifically for human review

No fixes are applied automatically; Claude Code Security proposes and explains, while developers and security reviewers decide what lands.

Built on a year of security-focused evaluation

Anthropic links Claude Code Security to more than a year of internal and external security work, including participation in competitive Capture-the-Flag events and a partnership with Pacific Northwest National Laboratory focused on defending critical infrastructure. The announcement also points to work using Claude Opus 4.6, where the company says it found over 500 vulnerabilities in production open-source codebases, with triage and responsible disclosure in progress.

Availability and access

The limited research preview opens Feb 20, 2026 to Enterprise and Team customers, with expedited access available for open-source maintainers. Applications are handled via claude.com/contact-sales/security, and additional product information is available at claude.com/solutions/claude-code-security.

Source: https://www.anthropic.com/news/claude-code-security
