Anthropic Launches Claude Code Safety to Hunt Zero-Day Vulnerabilities

Anthropic unveiled Claude Code Safety on February 20, a brand new AI-powered vulnerability scanner that reportedly found over 500 safety flaws in manufacturing open-source codebases—bugs that evaded detection for many years regardless of professional assessment. The instrument is now obtainable in restricted analysis preview for Enterprise and Group prospects, with expedited free entry for open-source maintainers.

The announcement marks a major enlargement of Anthropic’s safety tooling. Again in August 2025, the corporate added fundamental safety assessment options to Claude Code, together with terminal-based scanning and automatic GitHub pull request evaluations. This new launch goes significantly additional.

How It Differs From Conventional Scanners

Most safety evaluation instruments depend on sample matching—they flag recognized vulnerability signatures like uncovered credentials or outdated encryption. Claude Code Safety takes a special strategy, in response to Anthropic. As a substitute of scanning for predetermined patterns, it reads code contextually, tracing knowledge move and analyzing how parts work together.

Consider it just like the distinction between spell-check and having an editor learn your work. The previous catches apparent errors; the latter understands what you are truly making an attempt to say.

The system runs findings by way of multi-stage verification earlier than surfacing them to analysts. Claude basically argues with itself, trying to disprove its personal discoveries to filter false positives. Every validated discovering will get a severity score and confidence rating, with steered patches prepared for human assessment.

Nothing ships mechanically. Builders approve each repair.

The Offensive-Defensive Arms Race

Here is the uncomfortable actuality Anthropic is acknowledging: the identical AI capabilities that assist defenders discover vulnerabilities may also help attackers exploit them. The corporate’s Frontier Crimson Group has been testing Claude’s offensive and defensive capabilities by way of aggressive capture-the-flag occasions and demanding infrastructure protection experiments with Pacific Northwest Nationwide Laboratory.

Their latest analysis demonstrated Claude can detect novel, high-severity vulnerabilities—the type of zero-days that command premium costs on exploit markets. By releasing Claude Code Safety, Anthropic is betting that giving defenders these instruments first creates a web safety profit.

“Attackers will use AI to seek out exploitable weaknesses sooner than ever,” the corporate said. “However defenders who transfer shortly can discover those self same weaknesses, patch them, and scale back the chance of an assault.”

What This Means for Builders

For crypto initiatives and DeFi protocols—the place a single good contract vulnerability can drain tens of millions—this sort of tooling may show invaluable. The five hundred+ vulnerabilities Anthropic claims to have discovered are at the moment going by way of accountable disclosure with maintainers.

The instrument builds on Claude Code’s present permission-based structure, which defaults to read-only entry and requires specific approval for file edits or command execution. Enterprise customers can combine findings into present workflows because it runs inside Claude Code’s customary interface.

Open-source maintainers can apply without spending a dime entry at claude.com/contact-sales/safety. Given the frequency of provide chain assaults concentrating on widely-used packages, smaller initiatives that lack devoted safety groups may profit most.

Whether or not Claude Code Safety lives as much as its billing stays to be seen. However with AI-assisted code technology accelerating improvement velocity throughout the business, AI-assisted safety assessment was most likely inevitable.

Picture supply: Shutterstock