Infosec community panics over Anthropic Claude Code Security • The Register
Infosec community panics over Anthropic Claude Code Security • The Register
https://www.theregister.com/2026/02/23/claude_code_security_panic/
Publish Date: 2026-02-23 14:50:00
Source Domain: www.theregister.com
ai-pocalypse Anthropic sent the infosec community into a tizzy on Friday when it rolled out Claude Code Security, a new feature that scans codebases for vulnerabilities and suggests patches to fix the issues.
The new security capability is currently available as a limited research preview for enterprise and team customers to test in their environments, and open-source maintainers can apply for free, expedited access.
The announcement sent some cybersecurity stocks into a downward spiral and prompted much pontificating about the end of security as we know it – along with a dissenting opinion from CrowdStrike co-founder and CEO George Kurtz. His firm’s shares were among those hit on Friday, closing the day down nearly 8 percent from the previous close, and Kurtz asked Claude if its new security tool could replace what CrowdStrike does (tl;dr: Claude said no).
The reality, however, isn’t nearly as gloomy for the security industry – nor as exciting and sexy as AI evangelists make it out to be. Yes, large language models have shown an ability to flag some pattern-based vulnerabilities at scale. Earlier this month, Anthropic claimed that Claude Opus 4.6 “found and validated more than 500 high-severity vulnerabilities” in open source code.
But Claude’s security feature is simply the latest and buzziest AI-enabled bug-fixing tool, meaning Anthropic is now doing what other companies at the forefront of agentic AI are also doing. When it comes to securing code, it’s a move in the right direction. But it’s not sufficient – humans are still required.
Amazon also uses AI agents to find security flaws and suggest fixes internally. Microsoft has its own swarm of security agents that, among other tasks, prioritize vulnerability remediation, automate the identification of impacted devices, and then initiate fixes.
Google, back in…
