Anthropic Opens Claude Security Public Beta on Opus 4.7 (Apr 2026)

Anthropic on April 30, 2026 launched Claude Security in public beta, moving its Opus 4.7-powered vulnerability scanner out of a two-month closed research preview and opening it to all Claude Enterprise customers. Within hours, OpenAI CEO Sam Altman announced that GPT-5.5-Cyber would begin rolling out to selected cyber defenders — a direct response that signals AI-driven code security has become a frontier-model arms race.

What Happened

Anthropic's tool — originally branded Claude Code Security when it launched as a limited research preview on February 20, 2026 — was rebranded simply as Claude Security for the public beta. It is now available inside claude.ai for Claude Enterprise customers, who can connect a GitHub repository, point a scan at a directory or branch, and let Claude Opus 4.7 read source code, trace data flows across files, and surface complex multi-component vulnerability patterns that traditional rule-based static analyzers miss.

According to Anthropic, hundreds of organizations participated in the closed preview and used the tool to discover and fix exploits in production codebases — including, the company says, vulnerabilities "existing tools had missed for years." During the preview, Anthropic's Frontier Red Team used Claude Opus 4.6 to find more than 500 previously undetected vulnerabilities in production open-source projects.

Anthropic Claude Security — AI-powered code vulnerability scanner — Claude Security graduates from research preview to public beta on April 30, 2026, built on Claude Opus 4.7.

Key Details

Underlying model — Claude Security runs on Claude Opus 4.7, Anthropic's latest GA frontier model released April 16, 2026.
New capabilities in public beta — directory-level scan targeting, dismiss-with-reason for accepted findings (so future reviewers can trust prior triage), CSV and Markdown exports for tracking and audit, and webhooks to push results into Slack, Jira and other workflow tools.
Verification pipeline — every finding goes through multi-stage verification: Claude challenges its own results to filter false positives before surfacing them with severity and confidence ratings.
Adoption tier — public beta is for Claude Enterprise customers only; the broader Team plan and individual developers do not yet have access.
Open-source angle — Anthropic has invited maintainers of major open-source projects to apply for free, expedited access and is working through responsible disclosure of the 500+ findings from Opus 4.6's earlier sweep.
OpenAI's response — Sam Altman said on X that GPT-5.5-Cyber would begin rolling out to selected cyber defenders "in the coming days" and that OpenAI would "work with the entire ecosystem and the government to establish trusted access for cyber."

What Developers and Security Teams Are Saying

Reaction on Hacker News and r/netsec is cautiously positive. Security engineers note that the tool's reasoning-based approach — tracing data flow rather than matching regex patterns — does in fact catch business-logic and broken-access-control bugs that traditional SAST scanners like Semgrep, CodeQL and Snyk Code miss. The most common skepticism is around false positives at scale and the unit economics of running Opus 4.7 over very large monorepos. Several CISOs on LinkedIn flagged that Enterprise-only access pushes self-hosted security teams toward open-source alternatives like Semgrep and CodeQL for now.

Open-source maintainers tell a more positive story: many have already received expedited access invitations and report Claude finding latent bugs in widely deployed libraries. The New Stack and SiliconANGLE both highlighted the tool's ability to verify its own findings before surfacing them as a meaningful step over previous LLM-based scanners.

What This Means for Developers

For security teams already on Claude Enterprise, Claude Security is an immediate option to layer on top of existing SAST and SCA pipelines — not a replacement, but a meaningfully different lens on a codebase. The CSV/Markdown export and Slack/Jira webhooks mean it slots into existing triage workflows rather than demanding teams adopt a new dashboard. For everyone else — Team plan users, individual developers, and those on competing models — the takeaway is that AI-driven vulnerability detection has crossed the chasm from research demo to production tool, and competing offerings (GPT-5.5-Cyber, Google's Big Sleep) are about to follow.

What's Next

Anthropic says it will continue to expand Claude Security through partner integrations and services teams, with an emphasis on the open-source ecosystem. OpenAI's GPT-5.5-Cyber is expected to begin its rollout within days of the announcement, while Google's Project Naptime / Big Sleep team is reportedly preparing its own broader release. Expect a wave of vendor announcements at the upcoming Black Hat USA and DEF CON conferences in August 2026.

Sources

Claude Help Center — Use Claude Security — Anthropic's official documentation for the public beta
Anthropic — Making frontier cybersecurity capabilities available to defenders — original February 2026 research preview announcement
Help Net Security — public beta coverage and OpenAI's GPT-5.5-Cyber response
The New Stack — analysis of Claude Security's reasoning-based scanning
SiliconANGLE — enterprise rollout details
IT Pro — features and access tiers