Wall Street turns on cybersecurity stocks as Anthropic's Claude exposes bugs missed by experts
Anthropic has launched a limited research preview of Claude Code Security, a new tool that scans software for vulnerabilities and recommends fixes, marking a significant step in the use of artificial intelligence for cyber defense and sending shockwaves through the cybersecurity industry.
The tool, built into Anthropic’s Claude Code platform, is now available to Enterprise and Team customers, with free accelerated access offered to open-source project maintainers. It comes as the San Francisco-based AI company says it expects AI to scan a significant share of the world’s code in the near future.
The existing security tools only work through the common problem patterns, like exposed passwords or outdated encryption.
Claude Code Security is supposed to go further than pattern-matching. It works through a full codebase the way a human researcher would, following the path data takes across a system and catching problems that standard scanners overlook.
Results go through several rounds of checks before a developer ever sees them, cutting down on dead ends. Each issue is also ranked by how serious it is, so teams know where to start.
It runs on Claude Opus 4.6, Anthropic’s newest model, which the company’s own Frontier Red Team has been putting through its paces. That testing turned up more than 500 vulnerabilities sitting in live open-source codebases — some of them had been there for decades without anyone catching them, even after years of expert review.
Anthropic says it is now going through the process of notifying the people responsible for those projects. The company has also been running Claude across its own internal code and says the results have been strong.
Analysts push back, but markets aren’t convinced
The news shook cybersecurity investors. CrowdStrike shares dropped 6.8% on Friday and Okta fell 9.2%, as markets began questioning whether AI tools could eat into the business of established security companies.
Cloudflare lost 6.7%, SailPoint shed 9.1%, and Palo Alto Networks slid 1.5%. Zscaler was down 5.47%. The Global X Cybersecurity ETF, which follows security firms around the world, closed the day nearly 5% in the red.
Not everybody saw the reaction as warranted. Barclays analysts called it “incongruent,” saying a tool built for code security does not really go up against what companies like CrowdStrike or Palo Alto Networks actually do.
But the gap between what spooked markets and what analysts are brushing off sits uneasily alongside one hard fact: Anthropic’s AI turned up more than 500 vulnerabilities in live codebases that had been sitting there for years, in some cases decades, without any human expert catching them.
Whatever the competitive boundaries analysts draw, the tool did something the security industry had not managed to do on its own.
AI cyberattack warning adds to the pressure
The timing of the launch carries its own uncomfortable irony. Claude Opus 4.6, the exact model now being positioned as a security defender, was blamed just days earlier for a $1.78 million loss at DeFi lending protocol Moonwell.
The bar for causing serious damage with AI-written code has dropped so low that it no longer requires an attacker at all. Security experts have been warning about this shift for months.
Anthropic acknowledged the same trend in its own release, warning that “less experienced and resourced groups can now potentially perform large-scale attacks of this nature.”
“Attackers will use AI to find exploitable weaknesses faster than ever,” the company said. “But defenders who move quickly can find those same weaknesses, patch them, and reduce the risk of an attack.”
Its internal research, published in December 2025, went further, showing that an earlier version of the model, Claude Opus 4.5, could independently identify and exploit smart contract vulnerabilities worth up to $4.6 million in a controlled setting, with minimal human involvement.
The company was aware its models could cut both ways. Claude Code Security is its answer to that problem. Take the same capability and put it in the hands of defenders before attackers get there first.
Anthropic’s rival OpenAI debuted its own automated security tool, called Aardvark, in October of last year, signaling that AI-driven security is becoming a competitive battleground.
Want your project in front of crypto’s top minds? Feature it in our next industry report, where data meets impact.
Recommended Articles
