Claude Security public beta: scans codebase, validates own findings, proposes patches

Anthropic just released Claude Security in public beta for Enterprise customers. Instead of rule-based pattern matching (fast, cheap, flood of false positives), it reasons through code like a security researcher — reading Git history, tracing data flows across files, and understanding business logic. The goal is catching vulnerabilities that only make sense in context, which pattern matchers structurally cannot find.
Key features
- Scans for high-severity issues: memory corruption, injection flaws, auth bypasses, complex logic errors
- Validates findings internally via adversarial self-verification before surfacing — Claude challenges its own results
- Proposes a concrete patch per finding, maintaining your code's structure and style
- Pushes findings to Slack, Jira, or any system via webhooks
- Lets you scope scans to specific directories or run them on a schedule
Design decision that matters
The standout design choice: every finding goes through an adversarial self-verification step before it surfaces. It's not just "AI finds bugs," it's "AI argues with itself before reporting." This dramatically improves the signal-to-noise ratio compared to traditional scanners.
Human remains in control
Every patch requires review and approval before anything gets merged. Claude Security is built on the same models Anthropic uses to secure its own codebase — an honest signal of internal confidence.
Availability
Currently Enterprise-only. Team and Max plans coming later. This is early — AI-generated patches on critical systems need careful review — but the direction (AI that validates its own reasoning before surfacing results) is the right one for security tooling.
📖 Read the full source: r/ClaudeAI