# Anthropic Releases Claude Code Security Plugin for Real-Time Vulnerability Scanning > Source: > Published: 2026-05-27 15:21:13.278251+00:00 # Anthropic Releases Claude Code Security Plugin for Real-Time Vulnerability Scanning Anthropic released a security-guidance plugin for Claude Code that autonomously reviews code edits, model outputs, and commits in real time, according to IT Security News and product documentation on claude.com. The product page for **Claude Security** describes scanning the codebase, tracing data flows across files, running an adversarial verification pass on findings, and proposing targeted patches teams can review, and it states the feature is in public beta for Enterprise customers (claude.com/product/claude-security). IT Security News reports the plugin is free and available on all plans; that claim is attributed to that outlet. Anthropic's developer docs also describe a plugins system for Claude Code that supports skills, agents, hooks, and MCP servers (code.claude.com/docs). ### What happened Anthropic published a security-guidance plugin for Claude Code that autonomously inspects code edits, model outputs, and commits in real time, as reported by IT Security News and described on Anthropic's product pages. Per the **Claude Security** product page on claude.com, the service scans codebases, traces data flows across files, validates findings through an adversarial verification pass, and suggests targeted patches for human review (claude.com/product/claude-security). IT Security News additionally reports the plugin is free and available on all plans; that specific pricing/availability claim is attributed to that outlet. ### Technical details Per the product documentation, **Claude Security** performs three linked actions: scan, validate, and patch. The product page states the scanner reasons through code context, traces data flows, and attempts to reduce false positives via a self-challenge verification step. Anthropic's developer docs for Claude Code and the plugin system show plugins can be packaged with skills, agents, hooks, and MCP servers, and that plugins integrate into workflows via webhooks and exports for tools like Slack and Jira (code.claude.com/docs and claude.com/plugins). ### Industry context Editorial analysis: Companies shipping code-focused LLM tooling increasingly bundle security checks into developer IDEs and CI pipelines. Observed patterns in similar products show value in combining semantic analysis with traditional static analysis to find multi-file, data-flow vulnerabilities that pattern-matching tools miss. For practitioners, that pattern tends to shift some triage work earlier in the development lifecycle while increasing the need to validate model-suggested fixes against project-specific constraints and security policies. ### Context and significance Editorial analysis: A broadly available, model-powered scanner that both verifies findings and proposes patches could reduce time-to-remediation for common classes of bugs, but it also raises operational questions about false positives, suggested-patch correctness, and auditability. Industry reporting frames this release as part of a wider trend where LLMs are applied to both offensive and defensive security workflows; Anthropic's product page also links to guidance on evaluating LLM-discovered 0-days, underscoring emerging attention to tooling and risk management (claude.com/product/claude-security). ### What to watch Editorial analysis: Observers should track: - •real-world false positive and false negative rates reported by early adopters - •how suggested patches are integrated into CI/CD and code review processes - •whether Anthropic expands availability beyond the current public-beta-for-Enterprise description on its product page. Reporting discrepancies about pricing/plan availability (IT Security News versus Anthropic's product page) also merit confirmation from Anthropic or enterprise customers as the beta progresses ## Scoring Rationale A notable product release that integrates model-powered vulnerability scanning into developer workflows, relevant to security engineers and ML practitioners. It is important but not paradigm-shifting, so it scores in the mid-high range for practitioners. Practice interview problems based on real data 1,500+ SQL & Python problems across 15 industry datasets — the exact type of data you work with. [Try 250 free problems](/problems)