Zach Anderson
Feb 20, 2026 18:35
Anthropic’s new Claude Code Safety device discovered 500+ vulnerabilities in open-source initiatives. Enterprise and open-source maintainers can apply for early entry.
Anthropic unveiled Claude Code Safety on February 20, a brand new AI-powered vulnerability scanner that reportedly found over 500 safety flaws in manufacturing open-source codebases—bugs that evaded detection for many years regardless of skilled overview. The device is now out there in restricted analysis preview for Enterprise and Crew clients, with expedited free entry for open-source maintainers.
The announcement marks a major growth of Anthropic’s safety tooling. Again in August 2025, the corporate added fundamental safety overview options to Claude Code, together with terminal-based scanning and automatic GitHub pull request critiques. This new launch goes significantly additional.
How It Differs From Conventional Scanners
Most safety evaluation instruments depend on sample matching—they flag identified vulnerability signatures like uncovered credentials or outdated encryption. Claude Code Safety takes a distinct method, in line with Anthropic. As an alternative of scanning for predetermined patterns, it reads code contextually, tracing knowledge move and analyzing how parts work together.
Consider it just like the distinction between spell-check and having an editor learn your work. The previous catches apparent errors; the latter understands what you are really attempting to say.
The system runs findings by way of multi-stage verification earlier than surfacing them to analysts. Claude primarily argues with itself, trying to disprove its personal discoveries to filter false positives. Every validated discovering will get a severity ranking and confidence rating, with recommended patches prepared for human overview.
Nothing ships robotically. Builders approve each repair.
The Offensive-Defensive Arms Race
This is the uncomfortable actuality Anthropic is acknowledging: the identical AI capabilities that assist defenders discover vulnerabilities may also help attackers exploit them. The corporate’s Frontier Purple Crew has been testing Claude’s offensive and defensive capabilities by way of aggressive capture-the-flag occasions and demanding infrastructure protection experiments with Pacific Northwest Nationwide Laboratory.
Their latest analysis demonstrated Claude can detect novel, high-severity vulnerabilities—the sort of zero-days that command premium costs on exploit markets. By releasing Claude Code Safety, Anthropic is betting that giving defenders these instruments first creates a internet safety profit.
“Attackers will use AI to search out exploitable weaknesses quicker than ever,” the corporate said. “However defenders who transfer rapidly can discover those self same weaknesses, patch them, and cut back the danger of an assault.”
What This Means for Builders
For crypto initiatives and DeFi protocols—the place a single sensible contract vulnerability can drain thousands and thousands—this sort of tooling may show precious. The five hundred+ vulnerabilities Anthropic claims to have discovered are at the moment going by way of accountable disclosure with maintainers.
The device builds on Claude Code’s current permission-based structure, which defaults to read-only entry and requires express approval for file edits or command execution. Enterprise customers can combine findings into current workflows because it runs inside Claude Code’s commonplace interface.
Open-source maintainers can apply without cost entry at claude.com/contact-sales/safety. Given the frequency of provide chain assaults concentrating on widely-used packages, smaller initiatives that lack devoted safety groups may profit most.
Whether or not Claude Code Safety lives as much as its billing stays to be seen. However with AI-assisted code technology accelerating improvement velocity throughout the business, AI-assisted safety overview was most likely inevitable.
Picture supply: Shutterstock
