Claude Security is a capability built into Claude that scans codebases for security vulnerabilities and suggests targeted patches for human review. It helps teams find and fix issues that traditional methods often miss.
Claude Security is now in research preview.
Claude Security lets you:
Scan your code in parallel — Claude Security understands context, traces data flows across files, and identifies complex, multi-component vulnerability patterns that traditional scanners might not detect.
Validate findings — Every finding goes through multi-stage verification, with Claude challenging its own results before surfacing them. The result: more real issues reported and fewer false positives.
Review and patch — Pivot directly from a finding into a Claude Code session to review the proposed fix. Resolve vulnerabilities quickly instead of growing a backlog.
To get started, see the getting started guide.
Finding types
Each finding falls into one of the categories below.
Categories
Domain | Category | What it is |
Injection | SQL injection | Untrusted input changes query structure, not just bound values |
Injection | Command injection | Untrusted input reaches a shell or exec call |
Injection | Code injection | Attacker input is parsed or executed as code |
Injection | Cross-site scripting (XSS) | Input rendered into HTML/JS without context-appropriate escaping |
Injection | XXE | XML parser resolves external entities from untrusted input |
Injection | ReDoS / algorithmic complexity | Super-linear regex or algorithm on attacker-controlled input |
Path & Network | Path traversal | User input escapes an intended filesystem boundary |
Path & Network | SSRF | User input controls request host or protocol |
Path & Network | Open redirect | User-controlled URL reaches a redirect without allow-listing |
Auth & Access | Authentication bypass | Reachable code path skips an auth check |
Auth & Access | Privilege escalation | Normal user gains admin-only capability |
Auth & Access | IDOR / BOLA | Object reference trusted from the client without ownership check |
Auth & Access | CSRF | State-changing request accepts cross-origin triggers without protection |
Auth & Access | Race condition | TOCTOU or concurrent access breaks a security invariant |
Memory Safety | Buffer overflow | Input-sized data written into independently-sized container |
Memory Safety | Use-after-free | Freed memory reachable via a live pointer |
Memory Safety | Integer overflow | Arithmetic on untrusted input wraps past a safety check |
Memory Safety | Unsafe soundness |
|
Cryptography | Timing side-channel | Secret-dependent comparison or branch observable to attacker |
Cryptography | Algorithm confusion | Misuse across primitives (e.g. JWT |
Cryptography | Weak primitives | MD5, SHA-1, DES, ECB, etc. used in a security context |
Deserialization | Arbitrary type instantiation | Attacker-controlled data drives object construction |
Protocol & Encoding | Caching safety | Cache keyed without all authority-determining inputs |
Protocol & Encoding | Encoding confusion | Parsers disagree across layers (Unicode, URL, HTML) |
Protocol & Encoding | Length-prefix trust | Declared length trusted without bounds checking |
Severities
Severity is assigned per finding based on exploitability in your codebase, not the category itself—so the same category can land at different severities in different repos.
Severity | Criteria | Typical example |
High | Exploitable by an unauthenticated remote attacker against a default deployment, with no meaningful preconditions | Unauthenticated command injection in a public API endpoint |
Medium | Exploitable behind authentication, or needs 1-2 realistic preconditions (specific role, known identifier, user interaction) | SQL injection behind auth requiring knowledge of table schema |
Low | Needs 3+ preconditions, local-only access, or lacks a concrete demonstrated attack path | Timing side-channel requiring network proximity and thousands of requests |
Finding structure
Every scan finding includes the following fields:
Field | Type | Description |
| string | Describes the issue |
| string | Attacker capability |
| string | Repo-relative path to the primary vulnerable source file |
| int | Primary line where the issue originates |
| string | Full technical description of the vulnerability, data flow, and why it's exploitable |
| string | Concrete end-to-end exploit mapping a specific input to a specific impact |
| string[] | Every condition that must hold for the exploit to succeed. An empty list means the issue is exploitable against any default deployment. |
| string | Attack category, e.g. |
| enum |
|
| float | 0.0-1.0, reflects finding confidence |
| string | Outcome-based fix |
Frequently asked questions
Model selection — Access to Mythos is limited to a small set of approved customers.
Scan length — Scan time varies based on the repository and the agent's actions.
Severity configuration — Severity isn't configurable today.
Non-GitHub repositories — Only repositories hosted on GitHub can be scanned today.
Scan determinism — Scans are non-deterministic, so a real issue may not surface in every scan. New findings are marked "new" in the console.
Scope of use
You may only use Claude Security to scan code that your company owns and to which your company holds all necessary rights to scan. You may not use Claude Security to scan code owned by or licensed from third parties, including but not limited to open source projects or repositories other than those included in your company's codebase(s).