Claude Security: Anthropic Revolutionizes Vulnerability Detection
Claude Security: A Major Advancement for Enterprise Security
Anthropic has recently opened access to its Claude Security tool to all of its Enterprise clients. This innovative tool is designed to scan codebases, identify potential vulnerabilities, and generate patches ready for review. Unlike other solutions, Claude Security does not require an API or custom agent to be operational, simplifying its integration into existing processes.
Opus 4.7: A Powerful Model for Code Security
At the heart of Claude Security is Opus 4.7, an advanced model that stands out for its ability to trace data flows and analyze interactions between components across multiple files. Rather than merely searching for known patterns, Opus 4.7 deeply reads the source code, an approach that Anthropic also uses to secure its own codebase. This model, in its full version, is now available to Enterprise clients, providing a robust solution for vulnerability detection.
User Experience: Vulnerabilities Revealed After Years
Since its initial launch in February in a closed preview, Claude Security has enabled hundreds of organizations to discover vulnerabilities that had gone unnoticed for years. These flaws, often overlooked by traditional tools, have been brought to light thanks to Opus 4.7's unique approach. The insights gathered during this period have been essential for refining the public version of the tool.
Improvements Based on User Feedback
User feedback has highlighted two main challenges: false positives and the slow correction cycle. Traditional automated scanners tend to generate a large number of false positives, which can lead security teams to ignore or deprioritize alerts. To address this, every result produced by Opus 4.7 undergoes internal validation before being presented to an analyst, accompanied by a confidence score.
An Accelerated Correction Cycle
Thanks to Claude Security, several teams have been able to complete the entire detection and correction cycle in a single session. This process, which previously took several days due to back-and-forth communication between security and engineering teams, is now significantly streamlined, allowing for a quicker and more effective response to potential threats.
Testimonials from Satisfied Users
Companies like Column, DoorDash, and Hebbia have shared their positive experiences with Claude Security. Greg Janowiak, Chief Information Security Officer at Column, emphasized that the tool helps understand the underlying business logic of the code, facilitating the transition from scanning to patching. Suha Can from DoorDash noted the precision with which the tool identifies deep vulnerabilities and integrates results into engineering workflows. Matt Aromatorio from Hebbia mentioned the speed at which real vulnerabilities could be fixed thanks to Claude Security.
New Features in the Public Version
The public version of Claude Security introduces several new features. Users can now schedule scans, target specific directories or branches, and archive results with documented justifications for future reviews. Additionally, results can be exported in CSV or Markdown formats and sent to platforms like Slack or Jira via webhooks.
A Controlled Rollout of Technology
Three weeks before the launch of Claude Security, Anthropic limited access to Mythos Preview to about fifty companies through Project Glasswing. The restriction was due to the risks associated with detecting and exploiting zero-day vulnerabilities in major operating systems and web browsers, such as Firefox, with some bugs dating back over twenty years. With Opus 4.7 integrated into Claude Security, high-risk queries are blocked by built-in safeguards. Organizations whose legitimate activities might trigger these filters have access to a dedicated verification program.
Integration with Security Leaders
Opus 4.7 is already integrated into the security platforms of major companies like CrowdStrike, Microsoft Security, Palo Alto Networks, SentinelOne, TrendAI, and Wiz. Consulting firms such as Accenture, BCG, Deloitte, Infosys, and PwC are collaborating with these organizations to deploy integrated vulnerability management and incident response solutions. Anthropic also plans to expand access to its Team and Max plans soon.