
Anthropic Claude Security

With the announcement of Claude Mythos, security teams kind of panicked.

Anthropic gave the security teams from some big players, like JP Morgan Chase and Microsoft, access to the software, but that doesn’t help the millions of other businesses that will see hackers use Mythos against them. The White House is concerned about Anthropic giving more companies access to it for a variety of reasons, but they just told the White House thanks but no thanks – see below.

This is a race to avoid Armageddon.

Anthropic has released Claude Security. It is the defenders’ version of Mythos.

It is available in public beta at claude.ai/security.

In order to use it you must have a Claude Enterprise account – for the moment. While Enterprise is more expensive than other Claude accounts, the cost is not horrible.

Here is how it works. Users can select one of their code repositories, or even a branch, and start a scan. Like Mythos, it looks for and documents vulnerabilities and explains its findings. It provides a confidence metric on the severity of the vulnerability and how it can be reproduced, and it even generates instructions for a targeted patch, which can integrate with Claude Code.

As companies deploy this – and it will take years – it will reduce the time from scan to fix to potentially minutes. The big lead time is whether a company can take systems down to deploy a patch. That will depend on a number of factors, but it will motivate folks to deploy hot-hot operations (two parallel systems in operation where you can take one down to fix things without an outage). There is a whole protocol for hot-hot that defines how you make this work and how it will actually allow you to revert if needed. This is very common in banking. Even a hot-warm scenario will reduce downtime dramatically and allow you to deploy patches with minimal downtime.

Companies like CrowdStrike, Microsoft, Palo Alto Networks, SentinelOne and others are integrating Opus 4.7, which is the core of Claude Security, into their tools, which is great for the average defender.

While Claude Enterprise customers are the canaries in the IT coalmine, Claude Team and Claude Max customers will also be able to get it in the near future. It is unclear what the pricing will be for them. For Enterprise customers, they already pay for each and every token, so they know what they are going to pay. They will be using a lot more tokens. Since the other Claude products are fixed price, I don’t think they will be giving it away for free to those customers, but stay tuned.

Businesses will still need to take advantage of this, but it is the first step to a really significant improvement in security.

Note that for the moment, at least, this doesn’t help critical infrastructure with OT systems – that is a *** MUCH *** harder problem, but we will take this win.

Credit: Security Week
