Anthropic’s Claude Code Security Aims to Tackle Zero-Day Vulnerabilities
Anthropic has unveiled Claude Code Security, an AI agent designed to identify vulnerabilities in software code and suggest patches. Currently in limited preview, the tool joins a growing field of AI-powered security solutions, including OpenAI’s Aardvark [1], aimed at bolstering software security.
The Challenge of Vulnerability Detection
Anthropic emphasizes that finding software vulnerabilities is a resource-intensive and time-consuming process. Traditional analysis tools often rely on recognizing known patterns, which can miss more sophisticated, context-dependent vulnerabilities frequently exploited by cybercriminals. Identifying these critical flaws typically requires expert security researchers with extensive experience [1].
How Claude Code Security Works
Claude Code Security, powered by the Claude Opus 4.6 model, is designed to discover zero-day vulnerabilities – flaws unknown to developers and security teams. Unlike static analysis tools that search for predefined patterns, Claude Code Security reasons like a human security researcher. It analyzes how different components of an application interact and how data flows, enabling it to identify complex vulnerabilities that rule-based systems might overlook [1].
The process involves a multi-step verification system. Each potential vulnerability identified by Claude undergoes review by a human expert. Claude then performs a second analysis to confirm or refute its initial findings, filtering out false positives. Results are assigned severity levels to help developers prioritize fixes. Suggested patches are presented to developers for review and approval within a dedicated dashboard. the AI does not automatically apply fixes, ensuring human oversight remains central to the process [2].
Access and Availability
Currently, access to the Claude Code Security preview is limited to subscribers of Claude Team and Claude Enterprise plans. Interested users must join a waitlist to request access [1].
OpenAI’s Past Access and Anthropic’s Response
In August 2025, Anthropic revoked OpenAI’s API access to its Claude models after discovering that OpenAI’s technical staff were using Claude’s coding tools ahead of the launch of GPT-5, a violation of Anthropic’s terms of service [4]. OpenAI had been using Claude to benchmark its own models in areas like coding, writing, and safety [3]. Whereas Anthropic initially cut off access, it later indicated a willingness to continue providing OpenAI access for benchmarking and safety evaluations [4].
Anthropic also provides a compatibility layer allowing the use of the OpenAI SDK to test the Claude API, though this is intended for testing and comparison purposes and not for production environments [2].