VYPR
Advisory · Published May 27, 2026 · 1 source

Anthropic Launches Free Security Plugin for Claude Code That Catches Vulnerabilities in Real Time

Anthropic released a free security-guidance plugin for its Claude Code terminal tool that reviews code edits, model outputs, and commits in real time to catch vulnerabilities before they reach production.

Anthropic has launched a security-guidance plugin for its Claude Code terminal tool that autonomously reviews code edits, model outputs, and commits in real time to catch vulnerabilities before they reach production. The plugin is free for all users and available on all plans, marking a significant step toward shifting security left in the AI-assisted development workflow.

The security-guidance plugin operates across three distinct review checkpoints, each designed to catch threats at different stages of the coding session. On every file edit, the plugin runs a fast, deterministic pattern match with no model call that flags dangerous constructs like eval(), new Function(), os.system(), child_process.exec(), pickle deserialization, and DOM injection vectors such as dangerouslySetInnerHTML and .innerHTML=. Because this layer requires no AI inference, it adds zero usage cost.
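The sketch below shows what a deterministic per-edit check of this kind can look like. It is an added example, not the plugin's own code, which the article does not show. The regexes, the rule names, and the choice to scan only lines the edit added or changed are assumptions of this example.

```python
import difflib
import re

# Constructs named in the article. The regexes are this example's own assumption.
PATTERNS = [
    # Lookbehind skips method calls such as model.eval() and names like literal_eval().
    ("eval", re.compile(r"(?<![\w.])eval\s*\(")),
    ("new-function", re.compile(r"\bnew\s+Function\s*\(")),
    ("os-system", re.compile(r"\bos\.system\s*\(")),
    ("child-process-exec", re.compile(r"\bchild_process\.exec\s*\(")),
    ("pickle-deserialization", re.compile(r"\bpickle\.loads?\s*\(")),
    ("dangerously-set-inner-html", re.compile(r"\bdangerouslySetInnerHTML\b")),
    # Matches "=" and "+=" but not the comparisons "==" / "===".
    ("inner-html-assignment", re.compile(r"\.innerHTML\s*\+?=(?!=)")),
]

def check_edit(old: str, new: str):
    """Return (line_no, rule, text) for each pattern hit on a line the edit added or changed."""
    old_lines, new_lines = old.splitlines(), new.splitlines()
    matcher = difflib.SequenceMatcher(a=old_lines, b=new_lines, autojunk=False)
    findings = []
    for tag, _i1, _i2, j1, j2 in matcher.get_opcodes():
        if tag not in ("insert", "replace"):
            continue  # untouched or deleted lines are not re-reported
        for n in range(j1, j2):
            for rule, rx in PATTERNS:
                if rx.search(new_lines[n]):
                    findings.append((n + 1, rule, new_lines[n].strip()))
    return findings

# Constructed sample edit (not taken from the article).
OLD = """import json
def load(blob):
    return json.loads(blob)
"""
NEW = """import json, pickle
def load(blob):
    return pickle.loads(blob)
def render(model, el, html):
    model.eval()
    el.innerHTML = html
    return el.innerHTML == html
"""

if __name__ == "__main__":
    for line_no, rule, text in check_edit(OLD, NEW):
        print(f"line {line_no}: {rule}: {text}")
```

A check like this cannot tell whether the flagged value is attacker-controlled or already sanitized, and it would also fire on `eval(` inside a comment; it only points at lines worth a closer look.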

At the end of each conversational turn, a background Claude model, separate from the one writing the code, reviews the full git diff of all changes made during that session. This reviewer starts from a fresh context with no investment in the original approach, catching logic-level vulnerabilities that string matching cannot detect, including authorization bypass, insecure direct object references, server-side request forgery, and weak cryptography.

When Claude commits or pushes via its Bash tool, a deeper agentic review reads surrounding callers, sanitizers, and related files to minimize false positives. Internal testing showed the plugin cut security-related comments on pull requests by 30–40%, acting as an in-session companion to Claude Code's existing pull request Code Review feature. The plugin is powered by Claude Opus 4.7 by default for both the end-of-turn and commit reviews, though developers can configure alternative models via environment variables.

Industry leaders have praised the approach. Executives including J.P. Morgan's Shalini Goyal highlighted the value of embedding security guidance directly into the coding session rather than relying on downstream review cycles. Installing the plugin takes a single command inside a Claude Code session: `/plugin install security-guidance@claude-plugins-official /reload-plugins`.

Developers can extend the plugin's behavior via two repo-level files — a `.claude/claude-security-guidance.md` file for plain-language threat model rules fed to the model reviewers, and a `.claude/security-patterns.yaml` file for custom regex or substring patterns applied to the per-edit check. Organizations can enforce the plugin across all team members by declaring it in `.claude/settings.json`, and administrators can push it organization-wide through managed settings.

The plugin requires Claude Code CLI version 2.1.144 or later and Python 3.8+ on the system PATH. On first run, it creates a virtual environment under `~/.claude/security/` and installs the Claude Agent SDK for agentic commit reviews. An open-source reference repository on GitHub, anthropics/claude-code-security-review, demonstrates agents autonomously hunting and patching issues, with detection of SQL injection, XSS, RCE via deserialization, insecure direct object references, and hardcoded credentials. The plugin is explicitly positioned as one layer of defense in depth, not a complete security solution, and it does not block writes or commits; findings are surfaced as instructions for Claude to resolve within the same session.

Synthesized by Vypr AI