Cybersecurity has always been a cat-and-mouse game, but AI is rewriting the rules of the chase – and doing it faster than anyone expected. For years, defenders have had to scan enormous codebases manually, rely on signature-based detection tools that look for known patterns, and hope that nothing critical slipped through the cracks. Now, Anthropic wants to change that equation entirely. On April 30, 2026, the company launched Claude Security in public beta, opening it up to all Claude Enterprise customers and dropping what could be one of the most consequential security tools in recent memory.

Claude Security – previously called Claude Code Security when it debuted in a limited research preview about two months ago – is built on top of Claude Opus 4.7, Anthropic’s most powerful generally available model. The tool does something that sets it apart from most code-scanning software on the market right now: rather than searching for vulnerabilities by matching known patterns, it actually reasons about the code the way a human security researcher would. It traces how data flows through a system, maps how different components interact across files and modules, and builds an understanding of the logic running underneath – and then it uses that understanding to find the flaws that pattern-matching tools would miss entirely.

The stakes behind this launch are real, and Anthropic is not shy about saying so. The company has been openly concerned for months that AI is compressing the window between when a vulnerability is discovered and when it gets exploited. In other words, if attackers gain access to capable AI tools, they can find and weaponize software flaws much faster than defenders relying on older methods can respond. Claude Security is Anthropic’s answer to that threat – putting frontier AI in the hands of security teams before the balance tips too far in the wrong direction.

To understand how serious Anthropic is about this, you have to look at what they have been building in the background. In early April 2026, Anthropic quietly unveiled Project Glasswing, an initiative that brought together some of the biggest names in the tech industry – Amazon Web Services, Apple, Google, Microsoft, NVIDIA, Cisco, CrowdStrike, and JPMorgan Chase, among others. The thread connecting all of them is access to Claude Mythos Preview, Anthropic’s unreleased and most powerful model to date, which the company says can match or surpass even elite human security researchers at finding and exploiting software vulnerabilities. Anthropic backed the initiative with up to $100 million in usage credits and $4 million in direct donations to open-source security organizations. Claude Security, by contrast, is the more accessible public-facing piece of that broader strategy – powered by Opus 4.7, not Mythos, but still among the strongest models available for this kind of work.

During the two months of limited research preview before today’s public beta, hundreds of organizations of all sizes got to test Claude Security in production environments. The feedback they gave shaped what the tool looks like today. Three things came up consistently: teams wanted high-confidence findings that actually meant something, not a flood of false positives that drained engineering time; they wanted the gap between finding a vulnerability and pushing a fix to shrink dramatically; and they wanted continuous coverage, not one-off scans that gave a snapshot of the codebase at a single moment in time. Anthropic listened. Claude Security now includes a multi-stage validation pipeline that independently checks each finding before an analyst ever sees it, and attaches a confidence rating and severity score to every result.

On the workflow side, the improvements are tangible. Teams can now schedule scans on a regular cadence instead of running them ad hoc. There is the ability to target a specific directory or branch within a repository, dismiss findings with documented reasons so future reviewers do not retriage the same issue, and export findings as CSV or Markdown for existing audit workflows. Webhook support means results can flow automatically into Slack, Jira, or whatever ticketing system a team already relies on. When a vulnerability is confirmed and it is time to act, users can open the finding directly in Claude Code on the Web and work through the fix in full context – no switching tools, no starting from scratch.

The results from early adopters tell a compelling story. DoorDash’s Chief Security Officer said the tool surfaces deep vulnerabilities accurately and pipes findings directly into engineering workflows. Another team noted that Claude Security grasped the actual business logic behind their code – a distinction that matters because plenty of tools can find syntax-level issues, but understanding what code is supposed to do and how it could be abused in context is a much harder problem. Multiple security leads pointed to the same metric: vulnerabilities that previously would have required days of back-and-forth between security and engineering teams are now being patched in a single sitting, sometimes in minutes.

Access to Claude Security is not just through Anthropic directly. Opus 4.7’s capabilities are also being embedded into security platforms that enterprise teams already use and trust. CrowdStrike is integrating Opus 4.7 into its Falcon platform, Palo Alto Networks, SentinelOne, Wiz, and TrendAI are all following suit, and Microsoft Security is part of the lineup as well. For organizations that prefer a services-led approach, firms like Accenture, BCG, Deloitte, Infosys, and PwC are now helping companies deploy Claude-integrated security solutions across vulnerability management, secure code review, and incident response programs. The idea is that no matter how an organization prefers to operate – whether directly in Claude Security, through a platform they already run, or guided by an external services team – the same frontier capabilities should be accessible to them.

As of now, Claude Security in public beta is available to Claude Enterprise customers starting today. Access for Claude Team and Max customers is coming soon, though Anthropic has not announced a specific date for that rollout. For organizations whose work might trigger Claude’s built-in cyber safeguards – think penetration testers and red teams doing work that legitimately resembles attack behavior – Anthropic has set up a Cyber Verification Program to give those teams the access they need without getting flagged. Admins on Enterprise accounts can enable Claude Security directly from the admin console and get started today at claude.ai/security, with no API integration or custom agent setup required.