Claude Security is Anthropic's new AI cyber tool, shipped to Enterprise public beta on 28 May 2026 and built on Opus 4.7.
The launch is the production endpoint of the Mythos → Glasswing → Claude Code lineage. According to the Anthropic announcement, Anthropic's own 30-day internal deployment of Claude Security found 500+ bugs in production open-source projects. The tool scans codebases for context-dependent vulnerabilities — bugs where the security issue depends on how the code is used, not just on a pattern match against a rules library.
💡By the numbers. 500+ bugs found inside Anthropic's own 30-day internal deployment of Claude Security across production open-source projects. Built on Opus 4.7. Shipped to Enterprise public beta 28 May 2026. The Mythos line — first as a research artefact, then as Glasswing (10,000 vulnerabilities disclosed), then as Claude Code's security mode, now as a billing surface.
Where Claude Security sits in the lineage
Three stages preceded the public beta. Mythos was the research artefact — Anthropic's internal red-team programme that demonstrated frontier-AI offensive capability inside a controlled boundary. Glasswing was the productisation move — the disclosure of 10,000 critical vulnerabilities found in one month across major open-source projects, covered on humphreytheodore.com in the Glasswing piece.
Claude Code's security mode was the intermediate ship — the same capability folded into the agentic developer environment, covered in the Mythos / Claude Code piece. Claude Security on 28 May 2026 is the GA endpoint: defender-side capability with a billing surface, ready for enterprise customers.
The progression matters because it inverts the historical pattern. Frontier AI cyber capability has typically arrived on the offensive side first — research artefacts demonstrating jailbreak, prompt injection, model exfiltration. Anthropic's path puts the defender capability into production before the offensive capability is broadly distributed. The lineage shows the company shipping defender tools at the same cadence as the underlying model capability matures.
What Claude Security actually does
Claude Security scans codebases for vulnerabilities that depend on context — how a function is called, what data it receives, what privileges it runs under — not just on whether a pattern matches a CVE rule library. Rules-based scanners (Snyk, GitHub Advanced Security in its non-AI mode, Semgrep without AI augmentation) miss this category because the rule cannot encode the full call graph. Claude Security treats the codebase as something it can reason about end-to-end. According to Anthropic, the 500+ bugs found in 30 days of internal use are bugs the company's existing scanner stack had missed.
The bug-class breakdown Anthropic published in the announcement points at the same picture. The findings include authentication bypasses that depend on the calling context, race conditions that only surface under specific load patterns, and information-disclosure paths that emerge from how multiple modules interact. Each of these classes is hard to encode in a static rule. Each is something an agent that reads the whole codebase can catch.
What this means for enterprise security
Three things change for enterprise security teams once Claude Security is generally available. First, the cost curve on AI-assisted code review drops: a defender-side scan that previously needed a senior engineer can now run on the same compute Anthropic bills for Claude API. Data from the Anthropic announcement shows the tool's scanning throughput is high enough to cover a large codebase in a single workday. Second, the defender stack now has a tool that scales with codebase size, not analyst headcount — the historical bottleneck on application security. Third, the procurement decision shifts: Claude Security is a billing surface inside the existing Anthropic Enterprise contract, not a separate vendor relationship.
The competitive picture also shifts. OpenAI shipped Codex Security and Trusted Access for Cyber in the same 48-hour window as part of the 2026 election plan, aimed specifically at US voting-system manufacturers. Both leading frontier labs are now selling defender-side AI into enterprise budgets. The category that did not exist commercially a year ago is now a two-vendor race with parallel announcements on the same week.
The asymmetry argument
The strongest argument for Claude Security is the asymmetry argument: frontier AI cyber capability favours defenders when the defender has the codebase and the attacker does not. The attacker has to find one bug; the defender has to find all of them. Claude Security inverts that historical advantage by making it cheap for defenders to scan the whole codebase the way only attackers used to. Research from the Anthropic 30-day deployment demonstrates that the asymmetry is now a billable product, not a thesis.
Frontier AI cyber capability favours defenders when the defender has the codebase and the attacker does not. The attacker has to find one bug; the defender has to find all of them. Claude Security makes the whole-codebase scan cheap for the side that already owns the code.
— TK, on the asymmetry argument
What I'm watching next
Two things to watch over the next month. First, the OpenAI response: Codex Security is currently scoped to US voting-system manufacturers via the Daybreak programme; whether OpenAI broadens that to general enterprise is the next move. Second, the disclosure-bottleneck question: Glasswing's 10,000-bug disclosure ran into the limits of how fast open-source projects could patch.
Claude Security in enterprise will produce more findings; whether enterprises can patch at the rate Claude Security finds is the next test. The Emergent Intelligence (EI) frame — that the most consequential AI systems must be answerable in ways the standard product model cannot manage — applies here: Claude Security is not just a scanner, it is a defender-side AI counterparty that enterprise teams will have to learn to work with.
Frequently Asked Questions
Quick answers about Claude Security, drawn from the Anthropic announcement and the Mythos → Glasswing → Claude Code lineage covered on humphreytheodore.com.
What is Claude Security?
In short, Claude Security is Anthropic's enterprise AI tool for scanning codebases for context-dependent vulnerabilities. Simply put, it is the production endpoint of the Mythos → Glasswing → Claude Code lineage. The key is that Claude Security catches bugs where the security issue depends on how the code is used, which rules-based scanners typically miss.
How does Claude Security work?
Claude Security accepts a codebase as input and runs a frontier-AI scan across the full call graph, the data flow, and the privilege model. Research from Anthropic's 30-day internal deployment shows the tool found 500+ bugs in production open-source projects that the company's existing scanner stack had missed. Data from the announcement reveals throughput high enough to scan a large codebase in a single workday.
Why is Claude Security different from rules-based scanners?
Rules-based scanners match patterns against a CVE rule library. According to Anthropic, Claude Security reasons about the codebase end-to-end — how a function is called, what data it receives, what privileges it runs under. The answer is that Claude Security catches bug classes (context-dependent authentication bypasses, race conditions, multi-module information disclosure) that are hard to encode in a static rule.
Who is Claude Security for?
Claude Security is for enterprise security teams that need to scale defender-side code review with codebase size rather than analyst headcount. In other words, the tool democratises the kind of scan that previously required a senior application-security engineer per project — while leaving judgement on triage and remediation with the human team.
What are the real risks and limits of Claude Security?
Analysis of the Glasswing disclosure earlier in May 2026 demonstrates one durable risk: the patching bottleneck. Evidence from open-source maintainers shows that finding bugs is now faster than fixing them. Three other risks worth naming: false-positive triage cost, dependency on a single vendor's frontier model, and the question of who is liable when a Claude Security recommendation is acted on and turns out to be wrong. Each risk is operational, not theoretical.
Sources
