Anthropic has introduced a new security-focused plugin for Claude Code designed to identify vulnerabilities in AI-generated software before the code reaches production workflows. The plugin, called security-guidance, continuously reviews code changes during active coding sessions and prompts Claude to fix detected issues in the same environment where the code was created.
The release expands Anthropic’s efforts to position Claude Code as a production-grade AI coding assistant for enterprise developers. The plugin operates as a secondary review system running alongside the primary coding model. While one Claude instance writes or edits code, another Claude instance with a separate context performs security analysis in the background.
The plugin checks for vulnerabilities at three different stages. First, it performs lightweight pattern matching every time Claude edits a file. These checks look for known risky functions and behaviors, including dynamic code execution methods such as eval, unsafe deserialization patterns like Python pickle, insecure DOM APIs including innerHTML, and changes to GitHub workflow files that could alter repository permissions.
A second review layer activates after each interaction between the user and Claude. At that point, the plugin generates a git diff covering all modified files and submits it to a separate Claude security review process. Anthropic said this review can detect more complex vulnerabilities including authorization bypasses, injection flaws, insecure direct object references, server-side request forgery, and weak cryptography implementations.
The third layer performs a deeper “agentic” security review whenever Claude itself executes git commit or git pushcommands through its Bash tool. That review analyzes surrounding code, related files, and sanitization logic to reduce false positives and better understand whether suspicious patterns are actually exploitable vulnerabilities.
The Bigger Picture
The release reflects a broader shift in AI-assisted software development, where vendors are increasingly focused on security and reliability rather than code generation speed alone. As coding assistants become integrated into enterprise workflows, concerns have grown around AI systems introducing insecure patterns directly into production codebases.
Anthropic said the plugin is designed as an early-stage defense layer rather than a replacement for traditional security tools. The company positions the system alongside pull request reviews, static analysis tools, and CI pipeline scanners instead of as a standalone solution.
The plugin also highlights a growing trend toward AI systems reviewing the output of other AI systems. Anthropic emphasized that the reviewing Claude instance operates with a separate context and security-focused instructions rather than evaluating its own previous responses directly. The company said this separation is intended to reduce bias and improve vulnerability detection accuracy.
Market Context
The security-guidance plugin is built entirely on Claude Code’s hook infrastructure, which allows developers to trigger automated actions at specific points in the coding workflow. Anthropic published the plugin through its official Claude plugin marketplace and made the source code available publicly as a reference implementation for developers building their own workflow automation tools.
The plugin supports custom organization-level security policies through configuration files that define review guidance and custom vulnerability patterns. Enterprises can also enable the plugin organization-wide through managed settings.
Anthropic said the plugin is available on all Claude plans and uses Claude Opus 4.7 by default for its model-backed security reviews. The company did not disclose usage pricing beyond noting that the review layers consume additional model capacity similar to standard Claude requests.
The release also aligns with Anthropic’s broader push into AI-assisted cybersecurity. Just recently, the company said its unreleased Mythos AI model identified more than 10,000 high- and critical-severity software vulnerabilities through Project Glasswing, an initiative focused on securing critical infrastructure systems and open-source software.
