As concerns persist that artificial intelligence (AI) will render software useless, Anthropic, a U.S. AI company, recently released a security check tool, Claude Code Security, that is sending shock waves through the security industry. With projections that a security AI agent (assistant) that finds security vulnerabilities on its own will replace traditional security solutions, shares of major cybersecurity corporations plunged across the board. In fact, the share prices of large security corporations such as CrowdStrike, Zscaler, and Palo Alto Networks fell by as much as 10% immediately after Anthropic released its new security tool.
Analysts say the SaaSpocalypse (software as a service + apocalypse) scare triggered by Anthropic is spreading to the security industry. However, the security sector argues that because Claude Code Security's capabilities are limited to detecting code vulnerabilities, it cannot replace existing security solutions that capture and respond to threats in real time in corporate environments anytime soon.
◇ The 'AI threat' hits the security industry… security stocks weaken
According to the industry on the 2nd, Claude Code Security is a security check feature that Anthropic added to its developer coding tool, Claude Code, on the 20th, which reads and reasons over code like a security researcher to find vulnerabilities that could be exploited for hacking and proposes fixes (patches). Anthropic said, "There are too many vulnerabilities to fix, and corporations' security staff are far too few," adding, "Claude Code Security protects code from new types of AI-driven attacks and helps teams discover and remediate vulnerabilities that are easy to miss with conventional methods."
As fears grew that such AI security features could erode enterprise security solutions in the future, cybersecurity-related stocks were also hit last month. Startled by the market reaction, chiefs of global security corporations moved quickly to contain it.
They stressed that Anthropic's Claude Code Security is confined to code vulnerability detection and thus differs in nature from enterprise security solutions. It operates at a different layer of the security stack (security architecture), which is built on a multilayered defense structure.
A security stack consists of layers such as endpoint intrusion detection and response for PCs and mobile devices, network defense, cloud security, identity management, data protection, and application security. Claude Code Security covers the application security area here, particularly focusing on finding potential vulnerabilities during development, giving it a strong preventive character. By contrast, security solutions from Palo Alto or CrowdStrike span the endpoint, network, cloud, and identity security areas by detecting and blocking threats in real time in actual corporate operating environments.
For example, Claude Code Security cannot respond when a hacker infiltrates a corporation's network and lies dormant or when an employee clicks a phishing L.I.N.C, but an enterprise security platform can detect an ongoing attack and immediately isolate infected devices or block malware. Experts also noted that the AI applied to enterprise security platforms is specialized AI trained on massive volumes of attack data, with different design purposes and characteristics.
George Kurtz, CEO of CrowdStrike, said, "AI innovation is encouraging, but we need to face reality," adding, "Claude Code Security is a code vulnerability scanner and a patch suggestion tool, nothing that can replace the entire security architecture." He emphasized that when the prompt "Create a tool that can replace CrowdStrike" was entered into the Claude AI chatbot, Claude replied, "A large security platform built by thousands of engineers over 10 years cannot be implemented with a simple script."
◇ 'A supporting role in the short term, but could reshape the security industry in the long term'
Anthropic's developer-focused AI security check tool is not new. Competitors have already rolled out similar features and have pushed for security automation at the development stage. The open-source platform GitHub has operated Copilot Autofix, an AI-based automatic vulnerability remediation feature, since 2023, and Google DeepMind is carrying out the Big Sleep Project, in which AI explores vulnerabilities on its own.
Accordingly, the industry sees AI tools like Claude Code Security as more likely to complement existing security solutions for the time being rather than replace them. In fact, even though Google adopted an AI tool that detects code vulnerabilities and proposes fixes earlier than Anthropic, it still runs a large-scale cybersecurity organization and continues to invest heavily in security technology. A representative example is its acquisition last year of Israeli security corporation Wiz for $32 billion (about 46.5 trillion won).
Investment bank Bank of America (BoA) said, "Anthropic's Claude Code Security could affect corporations that operate code vulnerability checking tools, such as GitLab or JFrog, but it still lacks the visibility and operational stability to replace an integrated security platform."
However, some say that as such AI-based tools rapidly advance, they could expand beyond code vulnerability detection into other areas. Yeom Heung-ryeol, an emeritus professor at Soonchunhyang University, said, "For now, Anthropic's AI-based security tools and the like are auxiliary means that cannot be used without human involvement, but as they become more complete, they could be used to build software for advanced security solutions," adding, "We need to watch the pace of technological progress, but in the long term they will likely pose a threat to the security industry."