Claude Code Security: Scanning Codebases for Vulnerabilities

Anthropic has launched a research preview of Claude Code Security, a feature that lets developers scan entire codebases for security vulnerabilities directly from the Claude Code CLI. Instead of bolting on a separate SAST tool or waiting for a CI pipeline to flag issues, developers can now run security analysis in the same environment where they write code. It's a natural extension of Claude Code's trajectory — from code generation to code review to now code defense — and it arrives at a moment when AI-authored commits represent a growing share of production code.

What Happened

Anthropic announced Claude Code Security as a research preview, adding vulnerability scanning capabilities to the Claude Code CLI. The feature allows developers to point Claude at a codebase — or a section of one — and receive a structured report of potential security issues.

This launch comes exactly one year after Claude Code itself shipped as a research preview, a milestone the team marked publicly. In that year, Claude Code has evolved from a weekend-project tool to infrastructure used at companies like Ramp, Rakuten, Brex, Wiz, Shopify, and Spotify. Security scanning is the latest in a series of rapid additions including HTTP hooks, Remote Control, new skills like /simplify and /batch, and scheduled Cowork tasks.

The "research preview" label is deliberate. Anthropic is signaling that the feature works but isn't yet production-hardened — expect rough edges, false positives, and evolving coverage. That said, the positioning is clear: Anthropic wants Claude Code to own the full developer loop, security included.

Why It Matters

Most developers don't run security scanners locally. SAST tools like Semgrep, CodeQL, or Snyk typically live in CI/CD pipelines, meaning vulnerabilities are caught after code is pushed — sometimes days after the insecure code was written. By the time a developer sees the alert, context has been lost.

Claude Code Security inverts this. Scanning happens at the point of authorship, when the developer still has full mental context. An LLM-powered scanner also has a structural advantage over rule-based tools: it can reason about business logic, data flow across files, and intent — not just pattern-match against known vulnerability signatures.

The timing matters for another reason. With AI-generated code growing rapidly (SemiAnalysis estimates 4% of GitHub public commits now come from Claude Code), the attack surface is expanding. AI models can introduce subtle vulnerabilities — improper input validation, insecure defaults, missing authorization checks — that look syntactically correct but are semantically dangerous. Having the same AI that writes the code also audit it creates a feedback loop that rule-based scanners can't replicate.

For the competitive landscape, this puts pressure on GitHub Copilot and Cursor to respond. Neither currently offers integrated security scanning. Snyk and Semgrep remain strong standalone tools, but integration friction is their weakness — developers who already live in Claude Code won't context-switch to a separate security tool if an adequate one is built in.

Technical Deep-Dive

While Anthropic hasn't published full architectural details for the research preview, the approach likely leverages Claude's existing codebase comprehension capabilities — the same context window and multi-file reasoning that powers code review and refactoring.

What makes LLM-based scanning different from traditional SAST:

Cross-file reasoning: Traditional scanners analyze files individually or build limited call graphs. Claude can trace data flow across modules, understanding that user input in routes/api.ts reaches a database query in services/db.ts three function calls deep.
Intent-aware analysis: A rule-based scanner flags every eval() call. Claude can distinguish between eval() processing untrusted user input (critical vulnerability) and eval() in a build script processing developer-controlled config (low risk).
Natural language output: Instead of cryptic rule IDs like CWE-89, Claude can explain why a pattern is dangerous, how it could be exploited, and what the fix looks like — in the same conversational interface developers already use.

The limitations are equally important to understand. LLM-based scanning introduces non-determinism: the same codebase scanned twice might produce slightly different results. False positive rates are likely higher than mature rule-based tools that have been tuned over years. And coverage depends on the model's training data — novel vulnerability patterns or domain-specific security requirements (like HIPAA compliance checks) may not be well-represented.

The research preview label suggests Anthropic is collecting real-world feedback to calibrate these trade-offs. Developers should treat results as advisory, not authoritative — a complement to existing security tools, not a replacement.

What You Should Do

Try the research preview on a non-critical codebase first. Run it against a project you know well so you can evaluate signal-to-noise ratio against your own security knowledge.
Don't remove existing SAST tools. Claude Code Security is additive. Keep Semgrep, CodeQL, or whatever you run in CI. Use Claude for early, local feedback; use established tools for gating.
Focus on high-value scan targets: authentication flows, API endpoints handling user input, data serialization boundaries, and third-party integration points.
Report false positives and misses during the research preview. Anthropic is explicitly collecting feedback to improve coverage — your edge cases make the tool better for everyone.
Pair with HTTP hooks for automated pre-commit scanning. Claude Code's recently launched HTTP hooks could trigger security scans before code leaves your machine.

Related: Today's newsletter covers more Claude Code updates and broader AI news. See also: Claude Code Skills System.

Found this useful? Subscribe to AI News for daily AI briefings.