VYPR
advisoryPublished May 27, 2026· Updated May 28, 2026· 4 sources

Anthropic Launches Free Security Plugin for Claude Code That Catches Vulnerabilities in Real Time

Anthropic released a free security-guidance plugin for its Claude Code terminal tool that reviews code edits, model outputs, and commits in real time to catch vulnerabilities before they reach production.

Anthropic has launched a security-guidance plugin for its Claude Code terminal tool that autonomously reviews code edits, model outputs, and commits in real time to catch vulnerabilities before they reach production. The plugin is free for all users and available on all plans, marking a significant step toward shifting security left in the AI-assisted development workflow.

The security-guidance plugin operates across three distinct review checkpoints, each designed to catch threats at different stages of the coding session. On every file edit, the plugin runs a fast, deterministic pattern match with no model call that flags dangerous constructs like eval(), new Function(), os.system(), child_process.exec(), pickle deserialization, and DOM injection vectors such as dangerouslySetInnerHTML and .innerHTML=. Because this layer requires no AI inference, it adds zero usage cost.

At the end of each conversational turn, a background Claude model, separate from the one writing the code, reviews the full git diff of all changes made during that session. This reviewer starts from a fresh context with no investment in the original approach, catching logic-level vulnerabilities that string matching cannot detect, including authorization bypass, insecure direct object references, server-side request forgery, and weak cryptography.

When Claude commits or pushes via its Bash tool, a deeper agentic review reads surrounding callers, sanitizers, and related files to minimize false positives. Internal testing showed the plugin cut security-related comments on pull requests by 30–40%, acting as an in-session companion to Claude Code's existing pull request Code Review feature. The plugin is powered by Claude Opus 4.7 by default for both the end-of-turn and commit reviews, though developers can configure alternative models via environment variables.

Industry leaders have praised the approach. Executives including J.P. Morgan's Shalini Goyal highlighted the value of embedding security guidance directly into the coding session rather than relying on downstream review cycles. Installing the plugin takes a single command inside a Claude Code session: /plugin install security-guidance@claude-plugins-official /reload-plugins.

Developers can extend the plugin's behavior via two repo-level files — a .claude/claude-security-guidance.md file for plain-language threat model rules fed to the model reviewers, and a .claude/security-patterns.yaml file for custom regex or substring patterns applied to the per-edit check. Organizations can enforce the plugin across all team members by declaring it in .claude/settings.json, and administrators can push it organization-wide through managed settings.

The plugin requires Claude Code CLI version 2.1.144 or later and Python 3.8+ on the system PATH. On first run, it creates a virtual environment under ~/.claude/security/ and installs the Claude Agent SDK for agentic commit reviews. An open-sourced reference repository on GitHub anthropics/claude-code-security-review demonstrates agents autonomously hunting and patching issues, supporting SQL injection, XSS, RCE via deserialization, insecure direct object references, and hardcoded credential detection. The plugin is explicitly positioned as one layer of defense in depth, not a complete security solution, and does not block writes or commits — findings are surfaced as instructions for Claude to resolve within the same session.

Anthropic confirmed that the security-guidance plugin has been extensively tested internally before its public release, and the company is positioning it as a defensive tool for developers working with Claude Code. The plugin is now available for free, offering real-time vulnerability detection during code edits, model output reviews, and commit analysis. This release underscores Anthropic's push to embed security directly into AI-assisted development workflows.

Anthropic detailed the plugin's three-stage review process: lightweight pattern checks during file edits, model-based analysis of git diffs after each turn, and deep reviews during commits or pushes. The company reported a 30–40% reduction in security-related pull request comments from internal use, and noted that the plugin is free for all users, requiring Claude Code 2.1.144 or later and Python 3.8+.

The update also includes performance improvements such as a full-screen renderer to eliminate screen flickering, faster streamed responses, clearer error messages, and doubled rate limits for Pro users. Anthropic additionally announced a landmark infrastructure deal with SpaceX, providing over 300 megawatts of compute capacity from the Colossus 1 data center, equivalent to more than 220,000 NVIDIA GPUs. Internal data shows a 30–40% reduction in security-related pull request comments since the plugin's introduction.

Synthesized by Vypr AI