Anthropic has introduced powerful new security features in Claude Code, aimed at helping developers identify and fix vulnerabilities during the software development process. These updates include a /security-review terminal command and a GitHub Actions integration, both designed to seamlessly embed security checks into your existing workflows.
Empowering Developers to Catch Vulnerabilities Early
As AI becomes more deeply integrated into software development, ensuring secure code is more important than ever. With these new tools, Claude Code enables developers to run security checks from their terminal or automate them for every pull request, allowing issues to be caught and fixed well before reaching production.
The /security-review command lets developers scan their codebase directly from the terminal. Once executed, Claude reviews the project for known security issues and explains any potential risks it finds in detail. This command is driven by a purpose-built security prompt that inspects code for common vulnerabilities, including:
- SQL injection threats
- Cross-site scripting (XSS) vulnerabilities
- Authentication or authorization flaws
- Insecure data handling practices
- Dependency-based security risks
After identifying issues, Claude can even propose and implement fixes, enabling a tight feedback loop within the developer’s workflow.
Automating Security Checks for Pull Requests
The newly released GitHub Action for Claude Code extends security capabilities by automatically analyzing every pull request as it is created. Once configured, the action:
- Triggers on each new pull request
- Scans the code for security flaws
- Applies custom rules to avoid false positives
- Comments inline on detected issues, including actionable recommendations
This system ensures every PR undergoes a standardized security check, aligned with your team’s policies. It integrates seamlessly into any CI/CD pipeline, strengthening product security without slowing development.
Real-World Protection in Action
Anthropic is already using these tools internally, and they’ve proven effective. In one case, the GitHub Action caught a remote code execution vulnerability via DNS rebinding in an internal HTTP server before the code was merged. In another, it flagged a server-side request forgery (SSRF) flaw in a new proxy system for credential management, again before the code reached production.
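The DNS rebinding finding above is the kind of issue a reviewer wants to see fixed at the request boundary: a browser that has been rebound to 127.0.0.1 still sends the attacker's hostname in the Host header, so an internal HTTP server can refuse such requests before any route logic runs. The following is an added example of that Host-header allowlist check; it is not Anthropic's code or part of Claude Code, and the allowed hostnames and port are assumptions chosen for illustration.

```python
"""Host-header allowlist for a loopback HTTP server, as a DNS rebinding mitigation."""
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed allowlist: only names that legitimately refer to this server.
# A rebound request carries the attacker's hostname in Host and is rejected.
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "[::1]"}


def host_is_allowed(host_header, allowed=ALLOWED_HOSTS):
    """Return True only if the Host header names this server explicitly.

    The :port suffix is stripped before comparison; IPv6 literals keep their
    brackets. A missing, empty, or malformed header is rejected outright.
    """
    if not host_header:
        return False
    host = host_header.strip().lower()
    if host.startswith("["):  # IPv6 literal such as [::1]:8080
        end = host.find("]")
        if end == -1:
            return False
        host = host[: end + 1]
    else:
        host = host.split(":", 1)[0]  # drop the port, keep the name
    return host in allowed


class RebindSafeHandler(BaseHTTPRequestHandler):
    """Minimal handler that enforces the Host check before serving anything."""

    def do_GET(self):
        # Reject first, so a rebound request never reaches handlers that
        # might execute commands or read local files.
        if not host_is_allowed(self.headers.get("Host")):
            self.send_error(403, "Forbidden: unexpected Host header")
            return
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(b"ok\n")


if __name__ == "__main__":
    # Bind to loopback only (assumed port 8080); the Host check is the second layer.
    HTTPServer(("127.0.0.1", 8080), RebindSafeHandler).serve_forever()
```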
Getting Started
The automated security review tools are now available to all Claude Code users. To get started:
- /security-review command: Update Claude Code and run /security-review in your project folder. Configuration options are available in the documentation.
- GitHub Action: Follow the official guide for installation and customization.