Anthropic opens Claude Security to Enterprise customers

Anthropic opened Claude Security in public beta for Claude Enterprise customers on April 30.

The tool uses Claude Opus 4.7 to scan codebases for vulnerabilities and propose targeted fixes. It can be launched from Claude.ai or claude.ai/security, and scoped to a repository, directory or branch. Anthropic says no custom API integration or agent build is required.

This is not the same as Claude Mythos Preview, the model Anthropic has made available to a limited set of security partners through Project Glasswing. Claude Security uses the generally available Opus 4.7 model, but places it close to the enterprise source code, triage process and patch workflow.

Facts: Anthropic says Claude Security was previously called Claude Code Security and has been tested by hundreds of organizations in a limited research preview. The public beta adds scheduled and targeted scans, easier integration with audit systems, documented dismissal reasons, CSV and Markdown export, and webhooks for Slack, Jira and other tools.

The partner list matters. Anthropic says CrowdStrike, Microsoft Security, Palo Alto Networks, SentinelOne, TrendAI and Wiz are embedding Opus 4.7 into security tools. Accenture, BCG, Deloitte, Infosys and PwC are helping customers deploy Claude-integrated security solutions. That makes this a vendor governance issue, not just a new feature inside Claude.

For leaders, the consequence is clear: AI is moving from developer assistant to an actor that reads code, assesses risk, proposes fixes and connects to the workflow where vulnerabilities are closed. It can reduce time from finding to patch, but only if access, logging and accountability are explicit.

CIOs and CISOs should treat this as privileged source-code access. Start with repository policy: which repositories may be scanned, which branches are allowed, which findings can become pull requests, and who must approve code changes. In regulated businesses, every dismissed finding should have a reason that can be audited later.

Assessment: This is an early sign that code security work is becoming agent-driven. Do not buy it as a magic vulnerability scanner. Buy it as a controlled process for faster triage, better audit trails and shorter patch cycles, with human accountability at every step.