Shares of major cybersecurity companies nosedived on Friday after AI startup Anthropic unveiled Claude Code Security, a new AI-powered tool capable of autonomously scanning codebases for software vulnerabilities and suggesting targeted patches sparking fears that artificial intelligence could begin displacing traditional enterprise security solutions.
Anthropic announced Claude Code Security on February 19, 2026, as a new capability built directly into its Claude Code platform on the web, currently available in a limited research preview for Enterprise and Team customers.
The tool scans codebases for security vulnerabilities and suggests targeted software patches for human review, enabling teams to find and fix security issues that traditional methods often miss.
Anthropic also extended free expedited access to maintainers of open-source repositories, citing the need to support under-resourced developers responsible for keeping widely used public software secure.
How Claude Code Security Works
Unlike conventional rule-based scanning tools, Claude Code Security leverages Anthropic’s latest Claude Opus 4.6 model to reason through codebases the way a human security researcher would, understanding component interactions, tracing data flows, and flagging subtle logical errors that static analysis tools routinely overlook.
Each identified vulnerability is subjected to a multi-stage verification process to filter false positives and assigned a severity rating so teams can prioritize remediation. Critically, the system enforces a human-in-the-loop (HITL) approach; no patch is applied without developer approval.
During Anthropic internal testing, the tool already uncovered over 500 previously unknown high-severity vulnerabilities across operational open-source codebases, many of which had gone undetected for years.
The announcement triggered a sweeping selloff across the cybersecurity sector. JFrog stock plunged nearly 25%, while CrowdStrike (CRWD) fell approximately 8%, Okta (OKTA) dropped over 9%, and Cloudflare (NET) lost around 8%.
GitLab, Zscaler, Rubrik, Palo Alto Networks, and SailPoint also recorded sharp declines as investors questioned whether AI-native tools could erode the long-term subscription value of established security platforms.
The sell-off reflects growing investor anxiety that agentic AI is transitioning from an experimental feature to a core enterprise capability, compressing the vulnerability lifecycle from discovery through remediation into a single automated workflow.
However, analysts at Barclays pushed back on the panic, calling the selloff “illogical” and asserting that Claude Code Security does not directly compete with any of the established businesses they cover, suggesting significant market overreaction.
Anthropic framed the tool not as a replacement for enterprise security teams, but as a force multiplier for defenders designed specifically to counter the growing threat of AI-enabled attackers who are weaponizing the same automation to find exploitable weaknesses faster than human teams ever could.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
