Anthropic / Elyse Betters Picaro / ZDNET
ZDNET’s key takeaways
- Automated security reviews in Claude Code help ensure code safety.
- Spot and fix vulnerabilities before your code reaches production.
- Run the /security-review command in the terminal or via GitHub Action.
Claude Code became generally available in May, and since then, it has become popular among developers for its coding assistance, available right in the terminal or integrated development environments (IDEs). Now, new features are coming to Claude that make it easier to build safely, too.
On Wednesday, Anthropic introduced automated security reviews in Claude Code. They allow developers to more easily identify and fix security concerns, and can be invoked either manually using the new “/security-review” command or automatically via the new GitHub Action for Claude Code.
Also: Claude Code’s new tool is all about maximizing ROI in your organization – how to try it
“On demand or automatically, Claude will review the code that you’re working on, the code that you’re pushing, or your entire repository, and practically identify vulnerabilities and suggest ways to fix them,” said Logan Graham, the engineer behind the new features on the Frontier Red Team at Anthropic, to ZDNET.
Command in Claude Code
All developers have to do is invoke the /security-review command in Claude Code, which will trigger the security analysis in the terminal. Anthropic said Claude will then search the codebase, identify common vulnerabilities such as SQL injection risks, insecure data handling, and authentication flaws, and explain the issues found.
“We want it to be, and I think we can get there soon if it’s not there already, kind of like having the best security engineer or best senior software engineer, over shoulder, helping you do your work, better and securely,” added Graham.
Also: The best AI for coding in 2025 (including a new winner – and what not to use)
After identifying the issues, the user can also ask Claude Code to implement the fixes for each one. This allows developers to catch issues easily by integrating the security reviews before committing the code or before it reaches production. ZDNET’s own David Gewirtz, a computer science professor turned AI innovator, found the update helpful, saying, “Adding the security review as a command is good. Otherwise, you’d have to embed it in each query or add it to their system instructions.”
GitHub Action
Pull requests are an essential part of the collaborative development process, but they require extensive manual review before being merged into the main codebase. Now, with the new GitHub Action for Claude Code, developers can have Claude automatically analyze every pull request when it’s opened, a step that can otherwise be forgotten or overlooked.
Also: Anthropic’s free Claude 4 Sonnet aced my coding tests – but its paid Opus model somehow didn’t
Anthropic said Claude can review code changes for security vulnerabilities, apply customizable rules, and post inline comments with concerns and recommendations for fixes. Anthropic has used GitHub Actions to catch vulnerabilities in its own code before shipping to users, according to the release. Just last week, GitHub Actions identified a remote code execution vulnerability, which was fixed before the pull request was merged.
How to access
To access the /security-review command, update Claude Code to the latest version and run it in your project directory. Anthropic posted documentation for installing and configuring the GitHub Action.
Want more stories about AI? Check out AI Leaderboard, our weekly newsletter.
