Will Anthropic's Claude Code Security Replace Cyber Tools?

The team at Anthropic has decisively stepped into the cyber ring by launching Claude Code Security.

This capability, which is available in research preview hands the power of AI to cyber defenders. 

The colossal AI company’s cyber unveiling sent major cybersecurity stocks sliding down into the red, with Global X Cybersecurity ETF taking a massive 4.9% dip – its lowest closing since 2023. 

The companies, still under trading pressure, saw CrowdStrike fall 8%, Cloudflare drop 8.1% and SailPoint and Okta declining 9.4 and 9.2%, respectively. 

The wave that caused millions to vanish from cybersecurity stocks also came for Zscaler, which tumbled 5.5% post the Anthropic announcement.    

“We might be six to 12 months away from when the model is doing most, maybe all of what software engineers do end-to-end,” said Dario Amodei, Anthropic CEO, at Davos - and now this is playing out in real-time with Claude Code Security. 

Claude Code Security 

Towards the end of 2025, the Anthropic team said that society was “at an inflection point for AI’s impact on cybersecurity”.

This was after Claude models could outperform human teams in cybersecurity competitions, fix cyber flaws within the Claude code base and even recreate cyberattacks. 

Claude’s Red Team, in partnership with the Pacific Northwest National Laboratory, has also been stress testing Claude to experiment with AI tools that can defend national critical infrastructure. 

The tool has therefore come a long, rugged way, and is now being trialled as a full-fledged security feature in Claude. 

Used with the Claude Opus 4.6 model, Claude Code Security found over 500 vulnerabilities in open-source code, including some which had remained hidden for decades, thoroughly establishing the value it brings to defence teams. 

“We expect that a significant share of the world’s code will be scanned by AI in the near future, given how effective models have become at finding long-hidden bugs and vulnerabilities,” reads the Anthropic announcement. 

“Claude Code Security is one step towards our goal of more secure codebases, and a higher security baseline across the industry.”

Moving beyond static analysis

Static analysis is an automated, rule-based security testing, in which code is matched with known vulnerabilities.

Claude moves beyond this initial stage, putting its AI feet in the shoes of human security researchers and understanding how components interact, tracing data movements and thereby catching complex vulnerabilities on the fly. 

The spotted errors are then verified and rated by importance before reaching the security team, who can then work on patching the vulnerabilities in the order of their importance.

The security team can interact with Claude’s findings via its dashboard where along with the errors and and their importance, suggested patches are also shown. 

Claude hands the baton of making the decision to patch over to human developers, where senior engineers can make the call on whether to use Claude's suggested fixes or their own. 

Will Claude Code Security replace cyber security tools?

Following the cyber stock sell off after the Claude Code announcement, CrowdStrike’s Founder and CEO George Kurtz, posted on LinkedIn an interaction with Claude, where he prompted it to build a tool to replace CrowdStrike. 

Claude denied the request saying that it cannot do so. According to the model, CrowdStrike's veteran threat hunting tools, built over a decade, are “not something you can replicate with a script – it’s an infrastructure product.”

Specifically to the question of whether Claude Code serves as a CrowdStrike replacement, the model outputs: “Claude Code Security is a code vulnerability scanner and patcher. It competes more directly with static analysis tools (like Snyk, Checkmarx, or Veracode) than with CrowdStrike.”

When Claude Code Security finds bugs before the code shipment at the development stage, CrowdStrike responds to real-time threats that emerge after deployment. Or as Claude puts it: “They sit at completely different points in the security lifecycle.”

George notes: “AI innovation is inspiring. But let’s stay grounded in reality: an AI capability that scans code does not replace the Falcon platform – or your security programme. Security requires an independent, battle-tested platform built to stop breaches.

“AI is powerful. It’s transformative. And it absolutely makes security better. But AI doesn’t eliminate the need for security. It increases it.

“If you want to build AI, you need GPUs. If you want to deploy AI, you need security. That’s not a hallucination – it’s a fact.”