What Is Defending Code?
Anthropic just released Defending Code, an open-source framework designed to help developers use AI to find and fix security vulnerabilities in their codebase. It's available on GitHub and represents one of the most concrete examples of frontier AI labs directly addressing the security challenges their own models create.
The framework pairs large language models with systematic code analysis techniques to automate what was previously a manual, expensive, and error-prone process.
How It Works
At its core, Defending Code works in three stages:
Discovery — The framework scans your codebase using a combination of static analysis and AI-powered pattern recognition. It identifies potential vulnerability signatures, unusual code paths, and dependencies known to have security issues.
Assessment — Each finding is evaluated by an LLM that understands the context of the code, not just the syntax. It can distinguish between a genuine vulnerability and a false positive in a way that traditional scanners struggle with.
Remediation — For many common vulnerability types, Defending Code can propose or even auto-apply fixes, complete with explanations of what changed and why.
Why This Matters for Builders
Security reviews are one of the biggest bottlenecks in shipping fast. For small teams and solo founders, a proper security audit is either expensive or skipped entirely. Defending Code doesn't replace professional security work, but it dramatically lowers the floor — catching the low-hanging fruit that commonly leads to breaches.
The open-source release is also strategically significant. As AI-generated code becomes ubiquitous, the attack surface expands. Anthropic is positioning itself as part of the solution rather than an accelerant of the problem.
Getting Started
The framework is available via GitHub and can be integrated into existing CI/CD pipelines. Documentation covers installation, configuration for different repository structures, and guidance on interpreting results.
For teams already using Claude or other Anthropic models, Defending Code offers a natural extension of their existing workflow rather than requiring a new toolchain.