Anthropic just pushed Claude Security into public beta for Enterprise customers (Currently Enterprise-only, with Team and Max access coming later). It scans your codebase like a security researcher would: traces data flows across files, understands business logic, finds vulnerabilities that pattern-matching tools miss, and proposes patches you review and approve.

Reference: https://claude.com/product/claude-security

What it actually does:

- Parallel scanning of code with multi-file context
- Adversarial self-verification on every finding to cut false positives
- Suggested patches that match your existing code style
- Pushes findings to Slack, Jira, or webhooks
- Scoped scans (subdirectory level) and scheduled scans
- Powered by the same models Anthropic uses internally for its own security

The good: This is genuinely a leap. Traditional SAST tools drown teams in false positives and miss anything that needs cross-file reasoning. An LLM that actually understands what the code is doing, then writes the fix, is the right shape of tool for the problem. The fact that Anthropic eats its own dog food on this is a real signal.

The uncomfortable part: Same capability that finds bugs for defenders finds bugs for attackers. Anthropic published their own research on “LLM-discovered 0-days” so they’re clearly aware of it. Their bet is that defenders deploying this first creates an asymmetry in favor of the good guys. Maybe.

What I keep coming back to though: a successful Claude Security deployment produces a concentrated, validated, well-explained list of exactly where your software is broken. If that list leaks (compromised Slack webhook, an insider, an exported CSV in the wrong S3 bucket), an attacker gets a pre-built attack plan. The product doesn’t create new attack surface against random websites, but it does create a very high-value internal artifact that needs to be guarded like crown jewels.

Anyone here from a security team actually trying it? Curious whether the false positive rate holds up in practice and how teams are handling the finding-storage problem.
Originally posted by u/Intelligent-Lynx-953 on r/ArtificialInteligence
