
Anthropic PBC Introduces Automated Security Reviews in Claude Code

Anthropic

Anthropic announced the launch of new automated security review capabilities in Claude Code. With the integration of a /security‑review command and a new GitHub Action, developers can now incorporate robust, AI‑powered security checks into their existing workflows, catching vulnerabilities before code reaches production.

The /security‑review command enables developers to run on‑demand security analysis directly from the terminal. Claude Code scans the codebase for common vulnerability patterns, such as SQL injection risks, cross‑site scripting (XSS) vulnerabilities, authentication and authorization flaws, insecure data handling, and dependency vulnerabilities, and provides clear, detailed insights. Developers may also ask Claude to suggest or implement fixes, reinforcing security within the inner development loop.

The GitHub Action takes security validation a step further by automatically reviewing all new pull requests. Once configured, it triggers on each pull request, analyzes code changes, applies customizable rules to filter false positives or known issues, and posts inline comments with detected vulnerabilities and remediation recommendations. This creates a standardized security checkpoint across development teams and integrates seamlessly with CI/CD pipelines and security policies.


Anthropic has deployed these features internally to safeguard its production code, including Claude Code itself. The company reports that the GitHub Action recently identified a remote code execution flaw caused by DNS rebinding in a new internal feature. The vulnerability was remediated pre‑merge, highlighting the effectiveness of the new tools. In another instance, the Action flagged an SSRF (Server‑Side Request Forgery) vulnerability in a proxy system for managing internal credentials; the issue was swiftly fixed before any production exposure.

The automated security features are available now to all Claude Code users. Users can access the /security‑review command by updating to the latest version of Claude Code and executing it within their project directory. Full customization and setup instructions are available in the official documentation. The GitHub Action can be installed and configured via the documentation as well.