Artificial intelligence (AI) company Anthropic has started rolling out a new security feature for Claude Code that can scan a user’s software codebase for vulnerabilities and suggest patches.
The capability, called Claude Code Security, is currently available in a limited research preview for Enterprise and Team customers.
“It scans the codebase for security vulnerabilities and suggests targeted software patches for human review, allowing teams to find and fix security issues that are often missed by traditional methods,” the company said in Friday’s announcement.
Anthropic said the feature is intended to use AI to help find and resolve vulnerabilities, countering attacks in which threat actors weaponize those same tools to automate vulnerability discovery.
As AI agents are increasingly able to detect security vulnerabilities that might otherwise have escaped human notice, the tech upstart said the same capabilities could be used by adversaries to uncover exploitable vulnerabilities more quickly than before. It added that Claude Code Security is designed to counter such AI-enabled attacks by giving defenders an advantage and improving the security baseline.
Anthropic claimed that Claude Code Security goes beyond static analysis and scanning for known patterns by reasoning over the codebase like a human security researcher: understanding how different components interact, tracing data flows throughout the application, and flagging vulnerabilities that rules-based tools might miss.
Each identified vulnerability is then subjected to a “multi-stage verification process”, in which the results are re-analyzed to filter out false positives. Vulnerabilities are also given severity ratings to help teams focus on the most important ones.
The final results are displayed to the analyst in a Claude Code Security dashboard, where teams can review and approve the code and suggested patches. Anthropic also emphasized that the system’s decision-making process is driven by a human-in-the-loop (HITL) approach.
“Because these issues often involve nuances that are difficult to assess from source code alone, Claude also provides a confidence rating for each finding,” Anthropic said. “Nothing is implemented without human approval: Claude Code Security identifies problems and suggests solutions, but developers are always on call.”