Skip to main content
CybersecurityVulnerability Management

Anthropic Expands Claude Security Model to Cybersecurity Platforms

Researcher working on a project with a large monitor displaying an abstract representation in a clean lab setting.

"It also generates instructions for a targeted patch, which users can open in Claude Code on the web to work through the fix in context," Anthropic wrote in a blog post.

Claude Security (Opus 4.7): what Anthropic says it does

Anthropic has opened wider access to Claude Security, a flaw‑finding model it describes as its second‑most powerful model for finding and patching software flaws. The company said Claude Security runs on the Opus 4.7 model and can provide a detailed explanation of a vulnerability, rank its confidence over how real and severe the flaw is, describe likely impact and reproduce steps, and generate targeted patch instructions that can be worked through in Claude Code on the web. Anthropic characterized the release as a "public beta" for enterprise customers.

New features after a February research preview

Claude Security first appeared in February as a research preview under the name Claude Code Security. Anthropic said lessons from two months of use informed the new iteration. Changes called out by the company include a multi‑stage validation of findings intended to reduce false positives, the option to schedule scans, the ability to scan a particular directory, the ability to dismiss findings, export findings, and send scan results to project management tools.

Enterprise availability, guardrails, and partner embedding

Anthropic is making Claude Security available as a public beta for enterprise customers but said it has guardrails for users who have not verified themselves as cybersecurity professionals. At the same time, the company told readers that technology partners are embedding Opus 4.7 into their products. Named partners in Anthropic’s announcement include CrowdStrike, Microsoft Security, Palo Alto Networks, SentinelOne, TrendAI, and Wiz. In a quoted line Anthropic supplied, Palo Alto Networks said: "By integrating one of the world’s most advanced AI models, we are empowering our customers to outpace automated threats."

Mythos Preview, Project Glasswing, and government involvement

Anthropic separately continues to restrict access to Mythos Preview, a model it rolled out on April 7 that the company had earlier described as too dangerous to release publicly. Mythos remains limited to roughly 50 companies allowed to sign onto Anthropic's Project Glasswing. The Wall Street Journal reported that Anthropic proposed letting roughly another 70 companies have access to Mythos, but that proposal is opposed by the White House. The source said the Trump administration is involved in the Mythos rollout because of the model's national security risks.

What this means for technologists, policymakers, and enterprises

  • Technologists and security teams: They gain a tool that Anthropic says can speed vulnerability identification, offer confidence scoring, reproduce steps, and produce targeted patch instructions that can be executed in Claude Code. They will also encounter Anthropic's multi‑stage validation and new scan controls designed to reduce false positives and support workflow integration.
  • Policymakers and regulators: The Mythos Preview debate — including limited access via Project Glasswing and reported White House opposition to expanding access — illustrates active government involvement tied to national security risk assessments for advanced models.
  • Enterprises and procurement leaders: Claude Security is being offered as a public beta for enterprises with partner embedding already under way; customers considering deployment will face Anthropic’s verification guardrails for non‑cybersecurity users and will need to weigh vendor integrations with CrowdStrike, Microsoft Security, Palo Alto Networks, SentinelOne, TrendAI, and Wiz.

Not everyone greeted the arrival of AI‑powered vulnerability scanning with unqualified optimism. Cybersecurity entrepreneur Jeremiah Grossman wrote on LinkedIn that "Most CVEs never get 'weaponized' for in‑the‑wild campaigns, and for reasons beyond technical difficulty," arguing that more capability does not necessarily translate into more real‑world exploitation. Cybersecurity commentator Kevin Beaumont called Grossman's post "a good post" and critiqued what he described as panicked reactions to generative AI from people "who do not understand and have no real world context about" the technology.

Anthropic’s Claude Security rollout is at once incremental and consequential: incremental because it is a public beta of a model first previewed in February, consequential because major security vendors are embedding Opus 4.7 and because a separate, more restricted model — Mythos — remains at the center of a government review. The immediate questions are practical — how the new validation steps perform, how guardrails affect adoption, and whether partner integrations deliver secure, audited workflows — and institutional, about how access to high‑capability models will be governed when national security concerns are raised.

Source: https://www.govinfosecurity.com/anthropic-opens-claude-security-for-wider-public-a-31578