This article was originally published in IT Security Guru. 

By David Soffer

Anthropic has launched Claude Code Security, an AI-powered vulnerability scanner built into Claude Code on the web, now available in a limited research preview for Enterprise and Team customers.

The tool is designed to flag subtle logic flaws that are difficult to detect through manual inspection. Its launch triggered an immediate and sharp sell-off across the cybersecurity sector.

The announcement marks a turning point in how security teams find and fix software flaws. Until now, identifying hidden vulnerabilities meant relying on experienced researchers to comb through thousands of lines of code. That method is no longer the only option and, in many cases, it is no longer the most efficient one. Security tools like Claude Code Security are beginning to upend these traditional systems.

Elliott Broidy, who leads Broidy Capital Holdings and invests in AI-driven capabilities for public safety and defense, believes that Claude Code Security represents a fundamental shift in how we achieve accurate vulnerability detection. “Instead of waiting for a breach to expose a weakness, security teams can now get ahead of threats before they are ever exploited,” he said.

Anthropic’s February 20 blog post, “Making frontier cybersecurity capabilities available to defenders,” highlighted this evolution: “Security teams face a common challenge: too many software vulnerabilities and not enough people to address them. Existing analysis tools help, but only to a point, as they usually look for known patterns. Finding the subtle, context-dependent vulnerabilities that attackers often exploit requires skilled human researchers, who are dealing with ever-expanding backlogs. AI is beginning to change that calculus.”

Broidy also sees both sides of the equation clearly. “AI gives human researchers a force multiplier they’ve never had before, which is a game-changer for national security and the private sector alike,” Broidy said. “However, the same capabilities that can find a vulnerability in seconds can be weaponised to exploit one just as fast. Tools like Claude Code Security enable defenders to move at the speed of the threat for the first time.”

Unlike conventional scanners that flag known patterns, Claude Code Security uses reasoning to understand how software components interact with one another. Any vulnerability it identifies undergoes a multi-stage verification and reexamination process before reaching a human reviewer. Validated findings are then assigned a confidence rating to help security teams inspect and approve necessary fixes.

“Claude Code Security is meant to simulate the real process a human security researcher would follow when evaluating code,” said Broidy. “It can read the company’s software, flag potential issues and draft fixes. Ultimately, though, humans should make the final decisions.”

Markets responded swiftly following the announcement. According to Bloomberg, Crowdstrike Holdings fell 8%, while Cloudflare Inc. dropped 8.1%. Zscaler declined 5.5%, SailPoint tumbled 9.4% and Okta Inc. fell 9.2%. The broader selloff dragged down the Global X Cybersecurity ETF by 4.9%, leaving it at its lowest close since November 2023.

The selloff reflects a broader investor concern: that AI platforms capable of detecting and remediating vulnerabilities at machine speed could compress demand for legacy suites.

“The message from markets was hard to miss,” Broidy said. “Investors are now asking an important question. As AI companies like Anthropic and OpenAI continue rolling out tools that can write and scan software code, the pressure on traditional security vendors will only grow.”

Investor concerns have been brewing. The tool builds on over a year of internal research and testing. Claude Opus 4.6, released earlier this month, helped the team find hundreds of previously undetected vulnerabilities. It also stirred up panic and triggered broad selloff across enterprise software stocks as investors fear the sustainability of traditional enterprise software companies.

As an AI code vulnerability scanner, Claude Code Security is a signal of where the industry is heading. The models are only becoming more advanced as the race to give defenders the edge in an increasingly sophisticated threat landscape accelerates.

“There’s no question that AI is becoming the backbone of how we protect critical infrastructure,” Broidy said. “We should be excited to integrate these capabilities while remaining hyperaware of the continued risks it poses.”