Anthropic launched Claude Security in public beta, integrated into Claude Code on the web. The feature lets developers point it at a repository and receive validated vulnerability findings.
Key facts
- Claude Security entered public beta on March 15, 2026
- Built into Claude Code on the web
- Developers point it at a repo for findings
- Fixes happen in the same editor environment
- No disclosed detection methodology or false-positive rate
Claude Security is now in public beta, built into Claude Code on the web, according to a post by Anthropic's Cat Wu on X. Point it at a repo, get validated vulnerability findings, and fix them in the same place you're already writing code [per @_catwu].
The feature targets developers already using Claude Code, collapsing the security review loop from separate tools into the editor. Anthropic did not disclose the number of beta users, the types of vulnerabilities detected, or a timeline for general availability.
What this replaces
Traditionally, developers run SAST tools like Semgrep or Snyk in CI/CD pipelines, then manually triage findings in a separate dashboard. Claude Security skips the dashboard step — findings appear in the editor where the developer is already working. The integration builds on Claude's existing code analysis capabilities, which include static analysis and dependency scanning.
The unique take: this is less about better vulnerability detection and more about workflow compression. Anthropic is betting that the biggest security bottleneck isn't finding bugs but fixing them — and that placing detection inside the LLM-powered editor removes the context-switch cost that typically delays remediation.
Public beta constraints
The announcement does not specify which languages or vulnerability classes are supported, whether findings are generated via static analysis, runtime hooks, or LLM-based pattern matching, or how false-positive rates compare to established tools. [According to the company's blog post], Claude Code itself remains in beta on the web, so the combined offering is a beta built on a beta — a signal that Anthropic is iterating fast rather than waiting for production-hardened reliability.
Competitive landscape
GitHub Copilot offers code scanning via GitHub Advanced Security, but findings appear in pull requests and the GitHub UI, not inline in the Copilot chat. Cursor has not announced a dedicated security scanning layer. Claude Security's direct integration into the editing surface is novel among AI coding assistants, though it remains to be seen whether developers trust an LLM's judgment on security vulnerabilities without a separate validation pipeline.
What to watch
Watch for Anthropic to disclose supported vulnerability classes, detection methodology (static vs. LLM-based), and false-positive rates in a technical blog post or paper. Also watch whether GitHub, Cursor, or JetBrains respond with similar inline security features in their AI assistants within 90 days.
