Anthropic launched Claude Code Security yesterday, a tool that scans software codebases for vulnerabilities and proposes fixes, and the cybersecurity industry responded by losing billions in market value within hours.
CrowdStrike fell 6.8%, Okta dropped 9.2%, SailPoint shed over 9%, and Cloudflare slid nearly 7%. The Global X Cybersecurity ETF (the stock market fund that lets investors buy a diverse basket of companies focused on cybersecurity) closed at its lowest point since November 2023.
It seems the market believes that if an AI can do what security engineers do, the companies selling security software have a problem.
The tool, built into Claude Code, works differently from conventional security scanners. Traditional static analysis tools compare code against a library of known vulnerability patterns, which is useful for catching obvious mistakes like exposed credentials or outdated encryption but unreliable for subtler issues.
Claude Code Security instead traces how data moves through an application and how components interact, which is closer to how a human researcher actually audits code.
Each potential vulnerability gets re-examined before surfacing to a developer, with a confidence rating and severity score attached, and nothing gets patched without a human signing off.
Anthropic says that Claude Opus 4.6 (their latest model) found over 500 vulnerabilities in production open-source codebases during internal testing, some of which had sat undetected for decades despite active expert review.
The company is currently working through responsible disclosure with the affected maintainers.
READ: GitHub Adds Claude and OpenAI Codex as Native AI Coding Agents
Anthropic has stated that the release isn’t a full product yet. It’s a limited research preview available to Enterprise and Team customers, with expedited access for open-source maintainers.
Testers have to agree to only scan code their company actually owns and no third-party or licensed code.
The larger anxiety here isn’t really about Claude Code Security specifically. Software stocks have been getting hammered all year. Investors are increasingly nervous that AI is eating into demand for traditional software across the board, and security is just the latest sector to take a hit on a single headline.
Whether that fear is proportionate is a different question. Security researchers have noted that current AI tools tend to excel at finding lower-severity bugs, while human expertise is still needed for complex threat management and higher-order vulnerabilities.
However, “still needs humans for some things” is a harder sell when a model is also finding decades-old bugs that human teams missed entirely.
