AI startup Anthropic is back in the news. The company has introduced a new tool, Cloud Code Security, that helps teams find and fix hidden security flaws in software code.

(What is Cloud Code Security?)

Cloud Code Security: AI startup Anthropic is once again in the news. The company has introduced its new tool, Cloud Code Security, which helps teams find and fix security flaws hidden in software code. The announcement caused a stir in the cybersecurity sector, and the shares of several major companies saw sharp declines.

Why is there a stir in the market?

Cybersecurity stocks were immediately impacted following the announcement of Cloud Code Security. Shares of major industry names like CrowdStrike, Okta, Cloudflare, SailPoint, and Zscaler fell as investors feared this new AI-based solution could pose a significant challenge to traditional security tools.

How does Cloud Code Security work?

According to the company, the tool scans any codebase to identify security vulnerabilities. It not only reports the flaws but also suggests potential fixes (software patches) that are then vetted by human experts.

While traditional static analysis tools search for vulnerabilities based on predefined patterns, Cloud Code Security attempts to understand code almost like a human researcher. It tracks data flow, understands interactions between different software components, and can even identify complex flaws like business logic or access control that rule-based systems often miss.

Protection against AI-based attacks

Anthropic says this tool has been specifically designed to protect against new types of AI-related cyberattacks. The company recognizes that the same capabilities that defenders use to find vulnerabilities can also be exploited by attackers. Therefore, this tool has been designed with both security and risk factors in mind.

Multi-stage verification to avoid false alerts

Cloud Code Security doesn't present any potential vulnerabilities directly as final results. Each discovery is put through a multi-stage verification process. The AI ​​re-examines its own findings, trying to prove them correct or incorrect, and removes false positives. Only then does the report reach human analysts. Furthermore, it rates each vulnerability based on severity so teams can prioritize.

Hundreds of old flaws revealed

The company claims that its Cloud Opus 4.6 model discovered more than 500 vulnerabilities in production open-source code. Many of these bugs had existed for years and had remained undetected despite expert review. Anthropic says it is also using the same technology to audit the security of its own systems.

Who will get this tool?

Currently, Cloud Code Security has been released as a limited research preview for Enterprise and Team customers. The company hasn't provided a clear timeline for when the feature will be available to general users.

In the rapidly evolving era of AI, this tool appears to be challenging traditional cybersecurity frameworks. It will be interesting to see how the industry adapts to this change in the future.