Claude Code Security Evolution: Where It Came From, Where It's Going
Blog post from StackHawk
In February 2026, Anthropic launched Claude Code Security, sparking debate and market reactions about its impact on application security (AppSec). The tool builds on the earlier /security-review command and uses AI to reason about code, identifying vulnerabilities that traditional rule-based tools might miss. Claude Code Security has demonstrated the ability to find high-severity vulnerabilities in open-source codebases, but it is limited in that it does not test running applications, unlike dynamic application security testing (DAST) tools, which engage with live environments to uncover runtime vulnerabilities. The community response highlights excitement about the AI's potential to suggest context-aware fixes, but also raises concerns about non-determinism and about relying on AI models to secure AI-generated code. Despite these limitations, combining Claude Code Security with runtime testing is seen as a comprehensive approach to shipping secure software, pairing AI-powered analysis with validation through real-world testing.