On demand
Watch Claude Security: Putting Claude to Work for Defenders
Model capabilities have outpaced cyberdefense
Exploit capability has moved faster in the past year than most defenders have planned for. In the not-too-distant future, models from labs or open-source projects could on par with Mythos Preview. Three recent benchmarks show what changed.
Model capability is doubling every 0.7 months
AI capability is doubling every seven months, and the pace is picking up. A year ago, the best models could handle software tasks that took humans about an hour. Mythos Preview can now handle tasks that take humans most of a workday. Soon, other models could be just as good. Defensive timelines built on last year's assumptions are already behind.
Why measure capability by duration?
A model that supports long tasks can be a teammate with good or bad intentions. This chart demonstrates that AI can take on work that quadruples annually.
The first model that gets past modern security walls
A year ago, the most capable models could spot security flaws, but couldn't easily turn them into working attacks. Today, they can. Modern browsers and operating systems are built with safety walls called sandboxes that contain flaws even when attackers find them. Mythos Preview is the first model that reliably breaks through. Currently, other models stop at the sandbox.
Why measure capability by duration?
A model that supports long tasks can be a teammate with good or bad intentions. This chart demonstrates that AI can take on work that quadruples annually.
Putting frontier modelsto work for defense
As part of Project Glasswing, Mozilla brought Mythos Preview into their Firefox security review. The April release shipped 271 fixes for latent bugs found with the model, more than 20× the team's monthly average. Some had survived decades of human review.
Why measure capability by duration?
A model that supports long tasks can be a teammate with good or bad intentions. This chart demonstrates that AI can take on work that quadruples annually.
Project Glasswing preview
Our approach to Claude Mythos Preview access
Claude Mythos Preview is a model with significantly stronger cybersecurity capabilities, especially in exploit reasoning. This capability carries the greatest potential for misuse in security, and we’re rolling out access carefully as we work toward general access.
Securing critical software
Preview partners maintain critical infrastructure or software the world depends on, where a successful attack would be catastrophic.
Building towards general access
Anthropic is developing the safeguards required to release this capability broadly. The preview is how we learn to do that responsibly.
Providing tools for defenders today
Claude Security, the open-source reference tools, and the practices emerging from the preview are available to all security teams today.
Insights from defenders
"AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back."
Anthony Grieco
SVP & Chief Security & Trust Officer, Cisco
"AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back."
Anthony Grieco
SVP & Chief Security & Trust Officer, Cisco
Security-tuned technology
How security teams put Claude to work for defense
Across enterprise security programs and inside Anthropic, teams use Claude to improve risk posture through our products, platform, and models.
Find and fix vulnerabilities with Claude Security
Claude Security reasons about your code like a security researcher: scanning for vulnerabilities, validating findings, and proposing targeted patches.
Deploy security agents with the Claude Developer Platform
Ship defender tools and custom security agents with sandboxed execution, credential isolation, and audit logging built in via the Agent SDK, MCP, and Claude API.
"Anthropic는 다른 LLM 업체들보다 안전과 보안을 훨씬 더 우선시했습니다. 최대 규모의 사이버 보안 기업인 저희에게 이는 매우 중요한 부분입니다."
Gunjan Patel, Director of Engineering
"Claude Security는 리서치 프리뷰 초기 테스트 단계에서 새롭고 품질 높은 결과를 발견해 주었고, 이를 통해 환경이나 고객에게 영향을 미치기 전에 잠재적 보안 이슈를 식별하고 해결할 수 있었습니다. 활용 범위를 확대해 나가면서 그 잠재력을 더욱 크게 기대하고 있습니다."
Krzysztof Katowicz-Kowalewski, Staff Product Security Engineer
"Claude Security는 코드 이면에 있는 실제 비즈니스 로직까지 이해합니다. 이제 보안팀은 신뢰하는 도구 내에서 몇 번의 클릭만으로 스캔에서 수정까지 진행할 수 있습니다."
Greg Janowiak, Information Security Officer
● Scanning 247 files across app/, services/, routes/...
● Analyzing auth flows, input validation, file handling...
● Filtering by severity ≥ high...
● Found 4 findings in acme-corp/hookrelay
CRITICAL
Shell command injection via webhook payload
app/services/notifiers/script_runner.py:21 · Command injection
CRITICAL
JWT authentication bypass via "none" algorithm
app/auth/jwt_handler.py:28 · Auth bypass
CRITICAL
Path traversal in export file download endpoint
app/routes/exports.py:39 · Path traversal
HIGH
Server-side request forgery in destination URL validation
app/services/validator.py:36 · SSRF
✓ 12 lower-severity findings filtered out
Ship secure code in your CI/CD workflow
Use the Code Review skill to set up automated PR reviews to catch logic errors, security vulnerabilities, and regressions across your full codebase
In the workflow
진화하는 요구 사항에 맞춘 보안
탁월한 추론 능력과 인간 수준의 응답을 제공합니다.
Build threat context
Give scanning and response a map to work from. Claude derives a threat model from your codebase and past vulnerabilities, then enriches raw indicators with infrastructure links, attribution, and ATT&CK mapping so analysts start with context instead of building it by hand.
Vulnerability detection
Claude reads source code the way a researcher does, reasoning about reachability and exploitability, catching vulnerabilities that static tools often miss.A separate triage pass re-verifies every finding to help reduce false positives.
Patching
Findings now arrive faster than teams can fix them. Claude traces each one to its root cause, hunts sibling call sites with the same flaw, and writes a minimal diff with a regression test for your team to review.
Triage and verify findings
Hand Claude raw findings from any scanner and get back insights. Claude reads the surrounding code to confirm exploitability, deduplicates by root cause, and ranks by precondition and impact, so engineers can focus and work on real issues first.
Security review across the dev loop
Review code for security at every stage of development. Claude checks its own edits as it writes and fixes issues in the same session, then specialized agents re-examine pull requests against your codebase, posting verified findings inline without blocking your review gates.
Secure source code, end to end
As offensive capability accelerates, the find-and-fix loop has to close faster. Claude runs threat modeling, discovery, verification, triage, and patching as one continuous loop on your codebase, carrying context across every stage so each finding arrives at the fix with its full history.
Customer story
Cogent resolves security threats 97% faster with Claude
Claude Opus
500+
high-severity vulnerabilities found that survived decades of scrutiny and automated analysis
Cyber defense powered by Claude, available through our partners
Claude Security
보안 팀의 Claude 활용 방식
취약점 탐지 및 수정
취약점 탐지와 권장 수정 사항 확인까지 하나의 흐름으로 처리할 수 있습니다. Claude는 전체 코드베이스에서 데이터 흐름을 추적하고, 발견된 문제의 악용 가능성을 판단하며, 코드베이스 패턴을 따르는 패치 초안을 작성한 뒤, 팀이 검토할 수 있도록 PR을 열어줍니다.
Claude Developer Platform
Building defender agents and products with Claude
Build security products
Integrate Claude's reasoning into your security platform or product through the API and Agent SDK.
- Connect Claude to your scanning, alerting, and remediation workflows through MCP
- Spawn specialized subagents for parallel tasks like triage, severity scoring, and patch generation
- Deploy in sandboxed containers with network controls, credential isolation, and audit logging built into the SDK
"Claude는 복잡한 에이전틱 워크플로우, 특히 정책 준수와 여러 도구에 걸친 지속적인 추론이 필요한 멀티 스텝 조사 작업에서 일관되게 최고의 성능을 보였습니다."
Anirudh Ravula, Head of AI
"보안 업계는 늘 공격자에 비해 너무 느리게 움직여 왔습니다. AI는 이러한 판도를 근본적으로 바꿔 놓습니다. 걷는 데 그쳤던 방어자에게 제트팬을 달아 준 것과 같습니다."
Martin Holste, CTO of Cloud & AI
"Anthropic는 다른 LLM 업체들보다 안전과 보안을 훨씬 더 우선시했습니다. 최대 규모의 사이버 보안 기업인 저희에게 이는 매우 중요한 부분입니다."
Gunjan Patel, Director of Engineering
Project Glasswing preview
Insights from our most capable model
Claude Mythos is a research preview model tuned for advanced vulnerability discovery, exploit reasoning, and autonomous security investigation. Mythos extends what Opus can do on the hardest classes of security work.
Cyber defense powered by Claude Opus, available through our partners
