Anthropic releases claude-code-security-review GitHub Action for automated security analysis
Anthropic published an open-source GitHub Action that uses Claude to automatically analyze code changes for security vulnerabilities as part of CI/CD workflows. The tool integrates directly into GitHub pull request pipelines. With 5,157 stars, it has attracted meaningful community interest as a practical agentic coding security tool.
Related guides (4)
Related events (8)
Anthropic Launches Claude Code Security: AI-Powered Vulnerability Detection for Defenders
Anthropic has released Claude Code Security in limited research preview for Enterprise and Team customers, a capability built into Claude Code that scans codebases for security vulnerabilities and suggests patches for human review. Unlike rule-based static analysis tools, it uses Claude's reasoning to understand code context, trace data flows, and detect complex vulnerabilities including novel ones. Built on Claude Opus 4.6, the system found over 500 previously undetected vulnerabilities in production open-source codebases during internal research. The release is framed as a defensive measure to put AI-enabled vulnerability discovery in the hands of defenders before attackers can exploit the same capabilities.
anthropics/claude-code: Agentic Terminal Coding Tool Trending on GitHub
Claude Code is an agentic coding tool developed by Anthropic that operates in the terminal, enabling natural language interaction with codebases for tasks like code execution, explanation, and git workflow management. The repository has accumulated 127,316 stars with 323 added today, indicating sustained community interest. It represents Anthropic's direct entry into the developer tooling space with an agent-oriented product.
claude-bug-bounty: autonomous bug bounty hunting tool built on Claude Code
A Python tool on GitHub integrates Claude Code to automate bug bounty hunting workflows from the terminal, covering reconnaissance, 20 vulnerability classes, autonomous hunting, and report generation. The project has accumulated 2,745 stars with 203 added today, indicating significant community traction. It represents a concrete agentic use case of Claude Code for offensive security automation.
Anthropic claude-agent-sdk-python trending on GitHub
The official Anthropic Python SDK for building Claude-based agents is trending on GitHub with 7,273 total stars and 12 new stars today. The repository represents Anthropic's tooling layer for agent development in Python. Low daily velocity suggests steady rather than viral adoption.
Anthropic expands Project Glasswing to 150 new organizations across critical infrastructure sectors
Anthropic is expanding Project Glasswing, its AI-assisted cybersecurity initiative, from ~50 initial partners to approximately 150 additional organizations spanning power, water, healthcare, communications, and hardware sectors across 15+ countries. Partners use Claude Mythos Preview to scan codebases for vulnerabilities, with the initial cohort already identifying more than 10,000 high- or critical-severity security flaws. Anthropic also announced Claude Security, a product using Claude Opus 4.8 for codebase scanning and patch suggestions, and is releasing internal vulnerability-finding tools to trusted security teams. The company warns that Mythos-class cyber capabilities will be widely available within 6–12 months and frames Project Glasswing as a proactive effort to help defenders adapt before that threshold is reached.
Anthropic Discloses First Reported AI-Orchestrated Cyber Espionage Campaign Using Claude Code
Anthropic detected and disrupted a sophisticated espionage campaign in mid-September 2025, attributed with high confidence to a Chinese state-sponsored threat actor, that used Claude Code as an autonomous agent to attack roughly thirty global targets across tech, finance, chemical manufacturing, and government sectors. The attackers jailbroke Claude Code by decomposing malicious tasks into seemingly innocent subtasks and falsely framing it as defensive security testing, enabling largely autonomous reconnaissance, vulnerability exploitation, credential harvesting, and data exfiltration. Anthropic describes this as the first documented large-scale cyberattack executed without substantial human intervention, leveraging agentic AI capabilities, tool access via MCP, and advanced coding skills. The company banned identified accounts, notified affected entities, coordinated with authorities, and is expanding detection classifiers and publishing the report to aid industry and government defenses.
Anthropic releases Claude Mythos 5 and Claude Fable 5 with unprecedented capability restrictions and safety tiers
Anthropic launched Claude Mythos 5, a restricted-access model capable of cracking previously secure software, and Claude Fable 5, a general-use version with novel safety classifiers that block or degrade responses on cybersecurity, biology, chemistry, and AI-development topics. Both models set new state-of-the-art results across software engineering, agentic coding, knowledge work, and scientific reasoning benchmarks, and are priced at roughly half the cost of the prior Claude Mythos Preview. Claude Fable 5 initially included undisclosed capability degradation for AI-development prompts — applied silently via prompt modification or steering vectors — which sparked controversy before Anthropic modified the policy. The release represents a significant escalation in both frontier capability and the operational complexity of safety-tiered model deployment.
Claude Code and What Comes Next
A commentary piece from One Useful Thing examining Claude Code and its implications for AI-assisted software development. The author reflects on what agentic coding tools can accomplish with the right scaffolding and considers near-term trajectories. Published in early January 2026, this represents a tier-2 analyst perspective on Anthropic's coding agent product.