At a glance: Claude Security public beta. Announced May 4, 2026. Currently available to Claude Enterprise customers. Engine: Claude Opus 4.7. Capability: codebase vulnerability scanning, patch suggestion. No API integration required. Partners: CrowdStrike, Microsoft Security, Palo Alto, SentinelOne, TrendAI, Wiz. Part of our AI Models & Companies reviews.
Anthropic’s Claude Code established the pattern: put the model directly into the developer’s workflow, remove the abstraction layer between AI capability and actual work. Claude Security is the same thesis applied to security engineering.
On May 4, 2026, Anthropic launched Claude Security into public beta for Claude Enterprise customers. The product uses Claude Opus 4.7 to scan codebases for security vulnerabilities, trace data flows across files and modules, and generate targeted patches for developer review — without requiring any API integration, custom agents, or code changes.
Admins enable it through the Claude Enterprise admin console. Developers get vulnerability findings they can triage, dismiss with documentation, and route to existing tools.
What It Does
Claude Security’s core capability is code vulnerability scanning. The model reads codebases by tracing how data flows through the application — across files, functions, and module boundaries — rather than scanning for known vulnerability signatures. This is a different approach from traditional SAST tools that match code patterns against rule databases.
The practical difference: Claude can identify vulnerability classes that require understanding program logic, not just recognizing dangerous function calls. Injection vulnerabilities, authentication bypass patterns, and insecure data handling often require following the data flow to identify the actual exposure point. Opus 4.7 does this across the full codebase in a single scan.
Key features at beta:
- Scheduled scans: Run automatically against the full codebase on a defined cadence
- Targeted scans: Focus a scan on a specific directory — useful for reviewing a PR or a recently modified component
- Findings management: Dismiss findings with documented reasons (tracks the decision, not just the outcome)
- Export: CSV or Markdown for feeding into existing audit systems and tracking tools
- Webhooks: Route scan results to Slack, Jira, or any webhook-capable tool
Ecosystem
The security tool partner list signals how seriously Anthropic is approaching this. The firms embedding Opus 4.7 into their own security products include:
- CrowdStrike — endpoint detection and response
- Microsoft Security — cloud security across the Microsoft stack
- Palo Alto Networks — network and cloud security
- SentinelOne — AI-native endpoint protection
- TrendAI — cloud and hybrid security
- Wiz — cloud infrastructure security
That is not a list assembled by coincidence. These are the dominant players in enterprise security. When CrowdStrike and Palo Alto simultaneously embed the same underlying model, it’s a signal about where enterprise security tooling is headed: AI-native vulnerability reasoning, not just rule-based detection.
On the services side, Accenture, BCG, Deloitte, Infosys, and PwC are all deploying Claude Security for enterprise clients — consistent with the broader consulting industry’s Claude integration trend.
Access Path
Current access: Claude Enterprise customers via admin console. No API integration required — this is a first-class product feature, not a developer library.
Expected next: Claude Team and Max customer access in subsequent beta phases. Timeline not confirmed.
Pricing: Not announced separately. Claude Enterprise pricing is typically custom.
Why This Matters
Enterprise security tooling is a large, well-funded market with established vendors. Anthropic entering it directly — with a product, not just an API — signals that the model capabilities are strong enough to compete on specific workflows, not just as a general-purpose reasoning layer.
The architectural advantage Claude Security claims is the same as its general coding advantage: Opus 4.7’s ability to understand program semantics, not just syntax, produces a different class of vulnerability finding than pattern-matching approaches.
Whether the finding quality holds under production conditions is what the beta will determine. Enterprise security teams are skeptical by default; false positive rates, missed vulnerability classes, and CI/CD integration friction will all be tested in the coming months.
For security engineering teams on Claude Enterprise, this is worth evaluating now. For teams on other tiers, watch for the Team/Max availability announcement.
Rating: 4/5 — Compelling product direction with a serious partner ecosystem; beta limitations and finding quality at scale remain to be validated.
What to read next: See our Claude Opus 4.7 deep dive for the model powering Claude Security. For MCP-based security scanning tools, see our Security Scanning MCP Servers review.