Anthropic has introduced automated security reviews in Claude Code, enabling developers to detect and fix vulnerabilities directly within their workflow.
The new capabilities include a /security-review command for terminal-based analysis and a GitHub Action that reviews every pull request for security risks. Both tools aim to catch issues such as SQL injections, XSS vulnerabilities, and SSRF attacks before they reach production.
By integrating these reviews into the development cycle, Claude Code users can now identify flaws using a security-focused prompt. Once flagged, Claude can also be prompted to suggest or implement fixes.
Anthropic said this approach helps shift security checks left, making them part of the development process rather than a late audit.
The GitHub Action automatically scans code changes when pull requests are opened, posting inline comments with recommendations. Developers can customise rules to filter out known issues and reduce false positives. This ensures security reviews remain consistent and aligned with team policies.
Anthropic says that it is already using the feature internally and said it has prevented vulnerabilities in its own codebase. In one instance, a remote code execution flaw linked to a local HTTP server was caught and resolved before merging. Another flagged case involved a server-side request forgery (SSRF) risk in a proxy system handling internal credentials.
With AI playing a growing role in coding, more companies are constantly upgrading their capabilities and tools. Similar to this, Google recently launched Gemini CLI GitHub Actions, its open-source AI agent that automates coding tasks like issue triage and pull request reviews, offering customisable workflows and secure GitHub integration.
The post Claude Code Adds Automated Security Review Features for Developers appeared first on Analytics India Magazine.
