Zach Anderson
Feb 20, 2026 18:35
Anthropic’s new Claude Code Safety instrument discovered 500+ vulnerabilities in open-source tasks. Enterprise and open-source maintainers can apply for early entry.
Anthropic unveiled Claude Code Safety on February 20, a brand new AI-powered vulnerability scanner that reportedly found over 500 safety flaws in manufacturing open-source codebases—bugs that evaded detection for many years regardless of skilled evaluation. The instrument is now accessible in restricted analysis preview for Enterprise and Group clients, with expedited free entry for open-source maintainers.
The announcement marks a major growth of Anthropic’s safety tooling. Again in August 2025, the corporate added primary safety evaluation options to Claude Code, together with terminal-based scanning and automatic GitHub pull request evaluations. This new launch goes significantly additional.
How It Differs From Conventional Scanners
Most safety evaluation instruments depend on sample matching—they flag recognized vulnerability signatures like uncovered credentials or outdated encryption. Claude Code Safety takes a distinct method, in keeping with Anthropic. As a substitute of scanning for predetermined patterns, it reads code contextually, tracing knowledge stream and analyzing how parts work together.
Consider it just like the distinction between spell-check and having an editor learn your work. The previous catches apparent errors; the latter understands what you are really attempting to say.
The system runs findings by means of multi-stage verification earlier than surfacing them to analysts. Claude basically argues with itself, making an attempt to disprove its personal discoveries to filter false positives. Every validated discovering will get a severity score and confidence rating, with urged patches prepared for human evaluation.
Nothing ships robotically. Builders approve each repair.
The Offensive-Defensive Arms Race
Here is the uncomfortable actuality Anthropic is acknowledging: the identical AI capabilities that assist defenders discover vulnerabilities will help attackers exploit them. The corporate’s Frontier Purple Group has been testing Claude’s offensive and defensive capabilities by means of aggressive capture-the-flag occasions and demanding infrastructure protection experiments with Pacific Northwest Nationwide Laboratory.
Their current analysis demonstrated Claude can detect novel, high-severity vulnerabilities—the form of zero-days that command premium costs on exploit markets. By releasing Claude Code Safety, Anthropic is betting that giving defenders these instruments first creates a internet safety profit.
“Attackers will use AI to seek out exploitable weaknesses quicker than ever,” the corporate said. “However defenders who transfer rapidly can discover those self same weaknesses, patch them, and scale back the chance of an assault.”
What This Means for Builders
For crypto tasks and DeFi protocols—the place a single sensible contract vulnerability can drain tens of millions—this sort of tooling may show worthwhile. The five hundred+ vulnerabilities Anthropic claims to have discovered are at the moment going by means of accountable disclosure with maintainers.
The instrument builds on Claude Code’s present permission-based structure, which defaults to read-only entry and requires specific approval for file edits or command execution. Enterprise customers can combine findings into present workflows because it runs inside Claude Code’s commonplace interface.
Open-source maintainers can apply free of charge entry at claude.com/contact-sales/safety. Given the frequency of provide chain assaults concentrating on widely-used packages, smaller tasks that lack devoted safety groups would possibly profit most.
Whether or not Claude Code Safety lives as much as its billing stays to be seen. However with AI-assisted code era accelerating growth velocity throughout the trade, AI-assisted safety evaluation was most likely inevitable.
Picture supply: Shutterstock