Wednesday, June 17 2026
Anthropic Unveils Free Security Plugin for Claude Code Terminal to Detect Flaws

Anthropic has released a tool that acts like a careful assistant in your terminal. This new security plugin for Claude Code checks code as it’s being made or changed, pointing out common problems before they reach production.

The plugin is already included in the Anthropic marketplace. It uses pattern matching to find about 25 risky code patterns. This includes unsafe loading, hardcoded secrets, and errors that make penetration testers happy. When it finds an issue, Claude suggests fixes right away, so developers don’t have to switch to another security tool.

How the plugin actually works

The security-guidance tool works within Claude Code’s terminal. It checks the code as it is being written or changed. It looks for issues like hardcoded API keys, unsafe deserialization, bad input checks, and other weaknesses that cause many real-life security problems.

The plugin works right in the coding session, so Claude can suggest fixes right away. The developer sees the alert, checks the fix, and continues.

Installation and Customization

Installing the plugin takes a single command inside a Claude Code session:

/plugin install security-guidance@claude-plugins-official
/reload-plugins

Developers can extend the plugin’s behavior via two repo-level files — a .claude/claude-security-guidance.md file for plain-language threat model rules fed to the model reviewers, and a .claude/security-patterns.yaml file for custom regex or substring patterns applied to the per-edit check.
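To make the per-edit pattern check concrete, here is an added Python example. It is not the plugin's code or its file format; the rule IDs, rule layout and sample diff are assumptions for illustration. It applies regex and substring rules only to the lines an edit adds, so pre-existing code is not re-flagged on every change.

```python
import re

# Hypothetical rules for illustration; not the plugin's rule set or schema.
RULES = [
    {"id": "hardcoded-api-key", "regex": r"""(?i)\b(api[_-]?key|secret|token)\b\s*[:=]\s*["'][A-Za-z0-9_\-]{16,}["']"""},
    {"id": "unsafe-pickle-load", "regex": r"\bpickle\.loads?\s*\("},
    {"id": "unsafe-yaml-load", "regex": r"\byaml\.load\s*\((?![^)]*SafeLoader)"},
    {"id": "shell-true", "substring": "shell=True"},
]

# Constructed sample edit (unified diff); the key value is a dummy string.
SAMPLE_DIFF = """\
--- a/app/loader.py
+++ b/app/loader.py
@@ -1,3 +1,6 @@
 import yaml
+import pickle
+API_KEY = "EXAMPLE0000000000000000"
 def load(blob, cfg):
-    return None
+    settings = yaml.load(cfg, Loader=yaml.SafeLoader)
+    return pickle.loads(blob), settings
"""

def matches(rule, line):
    """A rule is either a regex or a plain substring."""
    if "regex" in rule:
        return re.search(rule["regex"], line) is not None
    return rule["substring"] in line

def added_lines(diff_text):
    """Yield (path, new_line_number, text) for each '+' line of a unified diff."""
    path, lineno = None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif raw.startswith("@@"):
            lineno = int(re.search(r"\+(\d+)", raw).group(1))
        elif raw.startswith("+"):
            yield path, lineno, raw[1:]
            lineno += 1
        elif not raw.startswith("-"):
            lineno += 1  # context line: present in the new file, not scanned

def scan_edit(diff_text, rules=RULES):
    """Return (path, line, rule_id) for every rule hit on an added line."""
    return [(p, n, r["id"]) for p, n, text in added_lines(diff_text)
            for r in rules if matches(r, text)]
```

The `yaml.load` call that passes `SafeLoader` is not reported, which shows why a pattern rule needs a negative condition as well as a match to keep false positives down.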

Organizations can make all team members use the plugin by saying so in .claude/settings.json, and admins can apply it for the whole organization through managed settings.

Part of a larger security play

The security-guidance tool isn’t something separate. It is part of Anthropic’s larger Claude Code Security project, which started as a limited research preview on February 20, 2026, and then opened to public beta for Enterprise users by late April 2026.

The complete Claude Code Security system is more than just regex pattern matching. It uses advanced AI thinking from models like Opus 4.6 to scan code thoroughly. This method imitates how human security experts look for vulnerabilities, finding small logic problems and data-flow issues that normal static analysis tools often overlook.

Anthropic says the system found over 500 serious problems in open-source code that were not known before. This was confirmed through internal tests and competitions. The system also offers specific fixes for humans to review, making sure developers are involved in the final choices.

What this means for the security industry and tech investors

After Claude Code Security shared its research preview in February 2026, the stock prices of big cybersecurity companies dropped. This drop showed that investors were worried about how AI-based security tools could change how developers work.

For developers, the math is simple. If you use Claude Code, turning on security advice is basically free extra safety. The regex-based plugin catches the easy problems, while the bigger Enterprise security features do more detailed checks for teams ready to spend money.
