Editor’s note: The following is a sponsored blog post from QA.
Anthropic recently introduced Claude Code Security. So, what is Claude Code Security?
It’s Anthropic’s answer to insecure code: a companion to Claude Code that scans codebases for vulnerabilities and suggests targeted patches for human review. You could be confused by the name – many are (perhaps this is intentional, as OpenAI introduces its “Trusted Access” for cyber; I’ll cover that another time). Is this a meaningful moment for application security? Short answer: not yet, but maybe, so keep reading.
We continue to expect AI to move from writing code to analyzing and securing it. Should Claude Code already, by default, produce “secure code”? If only it were that easy. The question does highlight the complex nature of creating secure software: many security issues can only be discovered at runtime, outside the sandbox, under real-world conditions.
Claude Code Security can replace or coexist with any static code analysis tool. It effortlessly scans code repositories, reasons across files, maps data flows and makes recommendations for review. The review process is designed for humans. In the long run, this will also become AI augmented. For today, the role of the human reviewer is seen as a skilled developer, security engineer or tester.
It can and does detect context-dependent software vulnerabilities that traditional static analysis tools can miss. So that’s good and useful. It can read the codebase holistically and follow the data movement within functions and services, operating as a basic security reviewer, rather than just a code scanning tool. However, the current version cannot easily understand how components interact and how trust boundaries are enforced. But we know this. That’s why we also use dynamic code analysis tools.
I’m a big fan of the software engineering community using any tool for vulnerability discovery and remediation guidance, especially if it is natively embedded directly into development CI/CD workflows. To get the best outcome, does that mean the engineer should also be using Claude Code as their primary agent? Claude Code Security is still in limited research preview, with OpenAI signaling similar toolsets. Expect challengers and agentic AI tooling tie-ins to drive material growth in this space.
Application security is becoming AI-native
What about the rest of the Application Security lifecycle, which provides repeatable controls, secure-by-design assurance and auditable evidence? These are programs that reduce false positives, prioritize risk and integrate security gates into CI/CD pipelines. Finding issues is not the same as enforcing security and enterprise governance. Claude Code Security does help developers identify and fix vulnerabilities. It’s a useful analysis capability, not an assurance system. This distinction is important.
Manual code review, vulnerability triage and testing will become much faster, with fewer cycles. Security consulting companies selling services on time-intensive large code review will see the most disruption. When vulnerability discovery becomes cheaper, more capability will move in-house.
Will security teams accept the results?
I can tell you, amongst other things, security teams care about coverage. Did we detect every instance of a weakness or vulnerability? Can we prove it? Will the regulator accept the use of an AI tool, with or without human oversight? Can we reproduce the results? AI reasoning isn’t yet able to provide that level of assurance.
Did we automate the remediation without considering the next risk in the chain? As often happens, a suggested fix can remove one vulnerability while introducing another. Changing data handling logic can alter authorization behavior and changing input validations can break trust boundaries. Human oversight to review the findings and recommendations will remain essential, for now.
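The failure mode described above, as an added illustration that is not code from the post or from Claude Code Security: a constructed document-lookup handler whose string-built query is the finding, a candidate fix that parameterises the query but silently drops the ownership predicate, and the reviewed fix alongside the behavioural authorization check a reviewer should run against any proposed patch.

```python
import sqlite3
from typing import Callable, Optional

# Constructed sample data, not from the post: two users, each owning one document.
def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE docs (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    db.executemany("INSERT INTO docs VALUES (?, ?, ?)",
                   [(1, "alice", "alice-private"), (2, "bob", "bob-private")])
    return db

def fetch_original(db, user: str, doc_id: str) -> Optional[str]:
    # The finding: SQL assembled from user input (injectable). Note that the
    # ownership predicate is also the authorization control for this lookup.
    sql = f"SELECT body FROM docs WHERE id = {doc_id} AND owner = '{user}'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def fetch_naive_fix(db, user: str, doc_id: str) -> Optional[str]:
    # Candidate fix: parameterised, so the injection finding is closed, but the
    # rewrite dropped the owner predicate. The "fix" is now an authorization bug.
    row = db.execute("SELECT body FROM docs WHERE id = ?", (int(doc_id),)).fetchone()
    return row[0] if row else None

def fetch_reviewed_fix(db, user: str, doc_id: str) -> Optional[str]:
    # Reviewed fix: parameterised AND the ownership check preserved.
    row = db.execute("SELECT body FROM docs WHERE id = ? AND owner = ?",
                     (int(doc_id), user)).fetchone()
    return row[0] if row else None

def review_fix(fetch: Callable[..., Optional[str]], db) -> dict:
    """Behavioural check a reviewer runs on any proposed patch: the owner must
    still be able to read their document, and another user must still be refused."""
    return {
        "owner_can_read": fetch(db, "alice", "1") == "alice-private",
        "other_user_blocked": fetch(db, "bob", "1") is None,
    }

if __name__ == "__main__":
    db = make_db()
    for name, fn in [("original", fetch_original), ("naive_fix", fetch_naive_fix),
                     ("reviewed_fix", fetch_reviewed_fix)]:
        print(name, review_fix(fn, db))
```

The point of `review_fix` is that closing the scanner's finding is necessary but not sufficient: the patch must also be regression-tested against the authorization behaviour the original code enforced.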
Questions of vendor trust and AI assurance
There is also a broader strategic dimension. Frontier AI systems are becoming embedded in enterprise and defense workflows. Questions of vendor trust, guardrails, AI assurance and supply chain risk now extend to AI platforms themselves.
A dispute between the US Department of Defense (War) and Anthropic this month turned into a public fight over how AI should be used in warfare. While this isn’t about Claude Code Security, nor about technical performance, it is about limits, control, and accountability, which will have wider security ramifications.
Anthropic says Claude should not be used for surveillance or fully autonomous weapons that operate without human control. The Pentagon maintains these restrictions are too limiting and wants flexibility for “any lawful use.” This is a test case for the future of military AI. Claude is already used in classified defense environments for intelligence and operational planning. Its growing role raises concerns about AI-driven decision systems that influence targeting and military operations but remain largely unregulated.
The dispute exposes a deeper divide. I wrote about these very issues some time back, predicting this friction.
The laws and global rules for AI in defense and national security are still unclear. Western governments and the big tech companies are now shaping those boundaries in real time. The outcome will influence how AI within a security context is used, who controls it and how accountability is enforced.
The AI security attack surface
AI security tooling does introduce a new attack surface. Systems with access to repositories, pipelines and build environments have recently become high-value targets. Prompt injection, workflow manipulation and automated privilege abuse are real threats. AI integrated into development pipelines must be treated as part of the software supply chain.
There is an irony here as Anthropic accuses Chinese AI firms of running large-scale operations to extract capabilities from its Claude models. It estimates that over 16 million interactions have been generated through thousands of fake accounts, bypassing access controls to copy Claude’s behavior using model distillation, a technique that trains smaller models on the outputs of more advanced ones.
Anthropic suggests that this is both a commercial and national security risk, warning that copied capabilities may lack safety guardrails and could be used in military or intelligence systems.
Improving outcomes
As a former CISO, I see the longer-term impact as structural. As vulnerability discovery becomes cheaper and more accessible, vendor dependency decreases. Security teams are constantly seeking to shift security left in the software project timeline. The value could move from finding bugs to enforcing security posture across complex environments. The fact that Claude Code doesn’t yet have Claude Code Security enabled as a feature by default tells the real story.
Claude Code Security is useful and will improve developer productivity and drive early vulnerability detection in those environments that were not already using half a dozen security tools. For those in the highly regulated space, efficiency gains are coming and closer collaboration with security teams is inevitable. If the US government doesn’t reach a compromise with Anthropic, expect wider implications and opportunities for the other AI players.
For the software engineering community, we are at a profound inflection point for that role and the wider security industry. Anticipate more agentic efficiency tools in the name of security, which support and drive adoption. Will the creative aspects of the developer role be reduced over time to human oversight? Perhaps. In the short term, the future is not about AI replacing Application Security. The future is AI embedded inside mature security engineering practices.
I expect those organizations with strong development discipline to gain leverage from these capabilities. The disruption is real. The responsibility remains human.