Anthropic Releases Free Claude Code Security Plugin to Catch Vulnerabilities During Coding

Anthropic has released a free security-guidance plugin for Claude Code that reviews code changes during a development session and helps Claude fix potential vulnerabilities before they reach a pull request.

The plugin is documented in Anthropic’s Claude Code security guidance page and runs automatically once installed. It checks Claude’s code changes at three points: after file edits, after each conversational turn, and when Claude performs certain git commit or push actions through its Bash tool.

The goal is to move security checks earlier in the AI-assisted coding workflow. Instead of waiting for a pull request review or CI scan to catch every issue, the plugin gives Claude security findings while the coding session is still active.

What the Claude Code Security Plugin Does

The plugin reviews Claude’s own code changes for common security problems and feeds findings back into the same session. Claude can then address the issue immediately rather than leaving it for a later human reviewer.

According to Help Net Security, Anthropic says the plugin is designed to catch issues such as injection flaws, unsafe deserialization, and insecure DOM APIs before code reaches pull requests. The plugin is free for all users and available on all plans.

This makes the release useful for developers using Claude Code in day-to-day work, but it also comes with limits. It does not block writes or commits, and it does not replace existing static analysis, dependency scanning, CI checks, or manual review.

Review stage	What it checks	Cost impact
Per file edit	Risky patterns such as eval, new Function, os.system, child_process.exec, pickle, dangerouslySetInnerHTML, and innerHTML usage	No model call, so no extra usage cost
End of each turn	The git diff for changes made during the turn, including logic-level issues that string checks may miss	Uses Claude model usage
Claude commit or push	A deeper agentic review that reads surrounding code, callers, sanitizers, and related files	Uses Claude model usage and can take multiple turns

The Plugin Uses Three Review Layers

The first layer runs after Claude writes to a file. It performs a deterministic pattern match for risky constructs, so it does not need a model call. Examples include dynamic code execution, unsafe deserialization, DOM injection, and workflow-file edits that could affect repository permissions.

The second layer runs after a Claude turn ends. The plugin computes the git diff of everything changed during that turn and sends it to a separate Claude review focused on security. This review can catch issues such as authorization bypass, insecure direct object references, server-side request forgery, injection, and weak cryptography.

The third layer runs when Claude executes a git commit or git push through its Bash tool. This review reads more surrounding context to reduce false positives. Anthropic’s documentation says commits run from a user’s own shell are not reviewed by this layer.

Why This Matters for AI-Assisted Coding

AI coding tools can generate useful code quickly, but speed can also push insecure patterns into projects faster. A generated route, helper, serializer, workflow file, or authentication check may look correct at first glance while still introducing a real vulnerability.

The security-guidance plugin addresses that risk inside the same workflow developers already use. Instead of asking a separate tool to scan the branch after the session, Claude receives security feedback while it still has the current task in context.

We’ve shipped a security-guidance plugin for Claude Code that helps identify and fix vulnerabilities as you’re writing code.

Available for all Claude Code users. Install from the plugin marketplace (/plugins). pic.twitter.com/LprgC4m6Kf

— ClaudeDevs (@ClaudeDevs) May 26, 2026

Help Net Security reported that Anthropic saw a 30 to 40 percent decrease in security-related pull-request comments on PRs opened using the plugin during internal rollout and benchmarks. That figure suggests the plugin can reduce review burden, but it does not mean later checks become optional.

How Developers Install It

Developers can install the plugin from the official Anthropic marketplace inside a Claude Code session. Anthropic’s instructions use the plugin name security-guidance@claude-plugins-official, followed by a plugin reload.

The plugin requires Claude Code CLI version 2.1.144 or later and Python 3.8 or later on the system path. The per-edit pattern check can work outside a git repository, but the end-of-turn and commit reviews need git state.

On first run, the plugin creates a security environment under the user’s Claude directory and installs the Claude Agent SDK for agentic commit reviews. If that setup fails, the commit review can fall back to a single-shot review instead.

• Install the plugin inside Claude Code.
• Reload plugins in the current session.
• Use a git repository for end-of-turn and commit reviews.
• Keep Python 3.8 or later available on the system path.
• Check the plugin diagnostics log if reviews do not appear.

Teams Can Add Their Own Security Rules

Anthropic lets developers customize the plugin with two repo-level files. A .claude/claude-security-guidance.md file adds plain-language security guidance for the model-backed reviews, while .claude/security-patterns.yaml adds custom regex or substring checks for the deterministic file-edit scan.

The security guidance documentation says these custom rules are additive. Developers can add checks for organization-specific risks, but those files do not remove built-in vulnerability checks or turn the plugin into a hard enforcement gate.

Organizations can also enable the plugin through a checked-in .claude/settings.json file or through managed settings. That allows teams to make the plugin part of a shared Claude Code setup rather than asking each developer to configure it manually.

How It Relates to Claude Code Security Review

Anthropic already offers a separate security review workflow for pull requests. The claude-code-security-review repository describes a GitHub Action that uses Claude Code to analyze code changes for security vulnerabilities and comment on pull requests.

The new plugin sits earlier in the development process. It tries to reduce what reaches a pull request by catching obvious and context-aware issues while Claude is still editing files.

The same repository also notes that Claude Code includes a /security-review command for a focused review of pending changes. In practice, teams can use the in-session plugin, on-demand review, pull-request review, and CI scanners together rather than choosing only one layer.

What the Plugin Can and Cannot Do

The plugin can help spot common vulnerability patterns quickly, especially in code that Claude writes. It can also catch some logic-level flaws that simple pattern matching may miss because the end-of-turn and commit reviews use a separate Claude call with a fresh security-focused context.

However, it does not guarantee safe code. Anthropic says none of the review layers block writes or commits, and findings reach the writing Claude as instructions. The model can still miss issues, and the plugin should sit alongside existing secure development controls.

Teams should continue using static analysis, secret scanning, dependency scanning, code-owner reviews, threat modeling, and CI checks. The plugin’s value is that it catches some issues earlier, before they turn into pull-request noise or production risk.

• Good fit: catching risky code patterns during a Claude Code session.
• Good fit: reducing security findings before pull request review.
• Good fit: adding repo-specific guidance for common internal mistakes.
• Not enough: replacing CI security tools.
• Not enough: enforcing hard policy gates.
• Not enough: reviewing commits made outside Claude’s Bash tool.

Why Developers Should Pay Attention

The release shows how AI coding tools are starting to add security feedback directly into the coding loop. That is important because developers often fix vulnerabilities faster when the code is fresh in their mind.

The Claude Code Security Reviewer project still has a role for pull-request analysis, especially in teams that want comments, artifacts, and workflow integration. The plugin fills a different gap by acting earlier, while the session is still active.

For teams already using Claude Code, the security-guidance plugin is worth testing because it adds a low-friction first pass. It will not replace AppSec work, but it can help reduce preventable mistakes before they become review findings.

FAQ