Claude Security Goes Public Beta — Opus 4.7 Codebase Scanner with Confidence Scoring and Targeted Patch Generation, Enterprise Customers Today
Anthropic launched Claude Security in public beta yesterday morning, taking the product out of the closed research preview that started in February as Claude Code Security. The release is exclusive to Claude Enterprise customers at launch; Team and Max plan support is on the “coming soon” track. Hundreds of organizations ran the preview between February and this week, and Anthropic credits that feedback for the shape of the public-beta surface. The product is positioned as a dedicated defensive tool for security teams — the architectural counterpart to Mythos Preview’s offensive capabilities, kept inside Project Glasswing’s controlled-access design. Claude Security uses Opus 4.7 under the hood, not Mythos.
Capability map: Claude Security reasons over entire codebases. It traces data flows across files, reads the source, examines how modules interact, and synthesizes the network effects across components. The output for each finding ships in five fields: an explanation of the vulnerability in plain language, a confidence score on whether the finding is real, a severity rating, a likely-impact assessment, reproduction steps, and a recommended patch. The team-positioning argument from Anthropic is that this is what gets the product past the false-positive wall every CISO has hit on legacy SAST tools — the explanations and confidence scoring are what make the findings actionable instead of triage-noise. Operational features: scheduled and targeted scans, audit-system integration, and triaged-finding tracking are in the launch surface.
Six Major Security Vendors Ship Opus 4.7 Integrations on the Same Day — CrowdStrike Project QuiltWorks Lands as the Reference Architecture
The Claude Security launch did not arrive alone. Anthropic coordinated a six-vendor channel coalition for the same morning: CrowdStrike, Microsoft Security, Palo Alto Networks, SentinelOne, TrendAI (Trend Micro), and Wiz are all embedding Opus 4.7 into their platforms. CrowdStrike shipped the most-detailed publication of the cohort — Project QuiltWorks, an internal program that puts Opus 4.7 to work across the Falcon platform. TrendAI’s release frames the partnership as “AI-accelerated threat intelligence” for vulnerability identification, prioritization, and mitigation. Services partners on the same announcement: Accenture, BCG, Deloitte, Infosys, and PwC are positioned to integrate Claude into their security delivery practices. The whole picture lands as a single distribution play.
Strategic read: Anthropic just shipped the defender side of the Mythos story at the same surface area the offensive side reaches. Mythos Preview is locked behind Project Glasswing for ~50 organizations and the White House blocked the expansion to ~120 yesterday. Claude Security plus the six-vendor coalition is the parallel distribution channel for Opus 4.7 cyber capability that does not require a White House meeting. The pricing argument inside the SOC budget is now: pay for Claude Enterprise to run Claude Security inside your own audit pipeline, or get the same capability through CrowdStrike, Microsoft Security, Palo Alto, SentinelOne, TrendAI, or Wiz inside a tool you already buy. Either path pulls Opus 4.7 inference revenue. The six-vendor announcement is the part of the launch that should be on every enterprise-AI investor’s board this morning.
AISI Publishes Mythos Preview Cyber-Capability Eval — 73% on Expert-Level Tasks, Multi-Stage Attacks Autonomous Under Network Access
The UK AI Security Institute’s formal evaluation of Claude Mythos Preview’s cyber capabilities is now public. Headline number to circle: 73% success on expert-level offensive tasks — the kind of work no frontier model could complete before April 2025. Under explicit direction with network access, Mythos was able to execute multi-stage attacks on vulnerable networks and to discover-and-exploit unknown vulnerabilities autonomously, the kind of work that takes human professional teams days to do. AISI was direct about the limits: the test environments did not have active defenders or defensive tooling, and there were no penalties for the model triggering security alerts. The eval cannot say whether Mythos would succeed against well-defended systems. Future testing will simulate hardened environments with active monitoring, EDR, and real-time incident response.
Why this matters in the same week as the Claude Security launch: AISI’s eval is the formal capability bound that the regulator-vendor working group is now operating against. Treasury, BoE, FCA, NCSC, and AISI use this number when they sit down with Anthropic on the UK Mythos negotiation that has been “within days” for two weeks now. AISI also published a separate sabotage evaluation of Mythos and Opus 4.7 earlier in the week. The pairing matters because the two together are what the EU AI Office and the Japanese Cabinet are reading before they make their first formal moves on Mythos-class regulation — both jurisdictions have not shown public hands but are inside the mid-May window now. The framing emerging from CETaS at the Alan Turing Institute is the one to watch: Mythos is the shift from “model regulation” to “capability regulation,” and AISI’s number is the first evidentiary fact that lands on regulators’ desks in that frame.
Claude Security Onboarding Path: Enterprise Today, Team and Max Soon, Bring-Your-Own-Repos and Audit-System Pipe-Through
Practical onboarding shape for any team with a Claude Enterprise contract this morning. Claude Security mounts on top of the existing Enterprise plan — no separate procurement cycle for the public beta. The product surface is bring-your-own-repository: scheduled scans against the codebases the team already has connected, plus targeted scans on demand. Findings ingest into the audit pipe via the streamlined integration the launch announcement names; that is the box CISOs are watching, because the “findings live in our audit system, not in a separate Anthropic dashboard” story is the one that gets past the security review at most regulated shops. Triaged-finding tracking lets the team mark issues as accepted-risk, in-progress, or fixed without leaving the integrated view.
The migration story for shops already using Claude Code Security from the February private preview: same product, same model (Opus 4.7), expanded capability surface. Anthropic has not published a feature diff yet, but the public-beta release notes promise scheduled scans, audit-system integration, and triaged-finding tracking as the named net-new pieces over the preview. Team and Max plan support is on the roadmap with no public date; the Anthropic positioning is that the Enterprise plan is the audited deployment surface, and Team / Max will follow once the audit-trail story is fully equivalent. For shops on lower tiers that want defender capability today, the six-vendor channel partnership path (CrowdStrike, MSFT, Palo Alto, SentinelOne, TrendAI, Wiz) is the available alternative.
Claude Code 2.1.123 Holds Through the Week — xhigh Effort, /recap, and Built-in Slash Command Discovery Are the Stickier Wins
Claude Code is sitting on 2.1.123 three days after the April 29 ship and the canary cycle continues to hold. No 2.1.124 yet on either the GitHub releases or the npm version page going into Friday. The OAuth 401 retry-loop fix from 2.1.123 for shops setting CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1 is the upgrade trigger that matters most for compliance-controlled estates. The deeper wins from the surrounding cycle are the ones engineering leads are still onboarding teams onto: the new xhigh effort level (between high and max) sits behind the /effort, --effort, and model picker UI, with non-Opus 4.7 models falling back to high; auto mode is on for Max subscribers using Opus 4.7 with no --enable-auto-mode flag required.
Two ergonomics features pinning into team practice this week: the /recap slash command (and /config setting) for resuming sessions with a summary of state at re-entry, and the model’s ability to discover and invoke built-in slash commands — /init, /review, /security-review — via the Skill tool, which makes these commands available to agentic loops without manual orchestration. Voice STT now supports 10 new languages for 20 total. The /claude-api skill for building applications against the Claude API and Anthropic SDK is the path to watch for shops standardizing on Claude-driven app scaffolding. Pin recommendation for production estates: hold 2.1.123 through this weekend; the cycle has not produced a regression cluster the way 2.1.120 did last week.
Status Page Clean Going Into Friday — Two-Day No-Incident Window After the Three-Hit Streak Closed Yesterday
The Claude status page is clean going into Friday morning — first multi-day no-incident window for Claude.ai and the Anthropic API in roughly seven days. The cumulative event count for the rolling week stops at three: Tuesday’s 78-minute multi-surface API outage, Wednesday’s Haiku 4.5 elevated-error window between 12:37 and 13:37 UTC, and Thursday’s brief overnight blip at 01:20 UTC that resolved by 09:08 UTC. None individually crossed the “board level” threshold; the cumulative pattern is the part platform engineering teams kept flagging through the week. Status holds clean going into the Friday-into-weekend window where API traffic typically tapers but inference-on-Opus loads stay heavy for batch jobs.
Operational read for finops and SRE going into May: the rate-limits API that shipped Saturday April 25 is now the right primary instrument for the weekly outage-cumulative threshold conversation. Pair the rate-limits feed with multi-region failover and Bedrock/Vertex secondary deployment paths; if the rolling-7-day count crosses three again, that is the budget threshold for the secondary surface. Anthropic has not yet shipped a postmortem for Tuesday’s 78-minute event — the typical inside-ten-business-days cadence puts that publication around May 8 to May 11. For shops still routing production traffic through the direct API path only, this is the week the Bedrock/Vertex decision lands on the engineering board.
CrowdStrike Project QuiltWorks — Opus 4.7 Embedded Across the Falcon Platform, Defender-Side Reference Architecture for the Six-Vendor Cohort
CrowdStrike’s Wednesday-into-Thursday release on Project QuiltWorks is the most detailed defender-side architecture publication of the six-vendor coalition Anthropic shipped yesterday. QuiltWorks is the internal program name for the work CrowdStrike has been doing to embed Opus 4.7 across the Falcon platform — not as a wrapper or a single feature, but as a foundational reasoning layer. The model reads telemetry across endpoints, traces relationships between alerts, reasons through the kill-chain narrative across Falcon’s detection surface, and produces remediation paths the SOC analyst can act on inside the existing console. CrowdStrike is positioning this as the shift from “AI feature inside Falcon” to “Falcon’s reasoning layer is Opus 4.7.”
For the rest of the cohort: TrendAI’s release frames its integration as “AI-accelerated threat intelligence” for vulnerability identification, prioritization, and mitigation; Microsoft Security, Palo Alto Networks, SentinelOne, and Wiz have not yet published comparable architectural detail but each named integrating Opus 4.7 into their respective platforms. The “defender side ships at offense speed” story is the strategic frame that ties the launch and the eval together. AISI’s 73% expert-task number on Mythos Preview is the offensive bound; the six-vendor coalition plus Claude Security is the defensive surface area that has to keep up with it. The next watch item: how fast Microsoft Security publishes its analog to QuiltWorks, because the Defender-side integration is the largest commercial surface in the cohort.
White House Mythos Civilian-Block Holds Going Into the Weekend — UK Track Continues, IPO Narrative Tightens
Day-two coverage of yesterday’s Wall Street Journal scoop has resolved in the same shape it broke. The White House opposition to Anthropic’s plan to widen Mythos access to roughly 70 additional companies is firm; Bloomberg, The Hill, Business Standard, and TNW have all confirmed the same two cited concerns — compute capacity for federal Mythos use, and the unauthorized-access incident that hit a private forum the day Anthropic announced the expansion. No US civilian Mythos expansion is moving this week. The parallel executive action drafting effort to restore Anthropic across federal agencies in a workaround of the Pentagon’s national-security supply-chain risk designation continues; Axios is sourced for that, and the line in the coverage is “mid-May or sooner.” Anthropic has not commented publicly on either track.
The UK negotiation has not moved forward publicly this week; AISI’s eval publication this morning is the formal capability-bound the working group is now operating against. The Reuters “within days” report from April 16 is now fifteen days past. The IPO read for the October window: the “policy-gated frontier capability” line is now a documented operating-environment fact, not a thesis. Today’s Claude Security launch is the company’s direct counterpoint — defender-side capability shipped through commercial channels does not require White House sign-off, and the six-vendor coalition is the proof that Anthropic can ship cyber-relevant Opus 4.7 capability at commercial scale even while Mythos commercial expansion is policy-blocked. The S-1 narrative now has two distribution lanes for cyber capability: one offensive (Mythos / Glasswing / sovereign), one defensive (Claude Security / channel / commercial).
Sonnet 4.8 Watch Window Open — Opus 4.7 Shipped April 16, Sonnet Cadence Puts the Drop Inside May
The community is back on Sonnet 4.8 watch going into May. Anthropic’s typical cadence puts the next Sonnet generation 1-4 weeks after the corresponding Opus release; Opus 4.7 shipped April 16, which means the May window is the working assumption. There is no Sonnet 4.7 — the next number in the Sonnet line is 4.8, confirmed by references that surfaced in the leaked Claude Code source-map file from March (the accidental npm-package shipped source map exposed roughly 512,000 lines of TypeScript including unreleased model references). Expected feature shape from leaked references and the public Sonnet roadmap: vision upgrades following Opus 4.7’s 98.5% visual-acuity number, better coding benchmarks, higher-resolution image support, and improved instruction-following on agentic loops. Likely pricing: $3 / $15 per MTok, unchanged from Sonnet 4.6.
The reason this matters for technical-publications and S1000D-adjacent shops: Sonnet 4.8 is the model that lands inside the price-performance band most production-grade content workflows are budgeted around. Opus 4.7 is the reasoning ceiling; Sonnet 4.6 is the default Sonnet today; Sonnet 4.8 is the upgrade pin for shops running Sonnet on the production line for ingestion, tagging, and structured-output paths. The leaked references also name KAIROS persistent agents and Undercover Mode in the same source map — both signal feature surfaces that will land alongside or just after Sonnet 4.8. For shops planning the next quarterly model-pin review, May is the calendar window where the decision lands.
The Defender Lane Is the Story: Anthropic Built a Commercial Channel for Cyber Capability That Doesn’t Need a White House Meeting
Yesterday closed with the White House blocking commercial Mythos expansion. Today opens with Claude Security in public beta and six of the largest security vendors in the world embedding Opus 4.7 across their platforms. Read those two events together and the strategic shape of Anthropic’s cyber distribution is now visible: there are two lanes, not one. The offensive lane — Mythos Preview, Project Glasswing, the ~50-organization controlled-access perimeter — is policy-gated and slow. The defender lane — Claude Security on Enterprise plus the CrowdStrike / Microsoft Security / Palo Alto / SentinelOne / TrendAI / Wiz channel coalition — is commercial-gated and fast. Yesterday’s policy block constrained the first lane; today’s product launch opened the second. The two events arriving in the same 24-hour window is not a coincidence. It is the answer.
The investor read into the October IPO window: this is the morning the “policy-gated frontier capability” bear thesis got a structural counterpoint that the S-1 narrative can stand on. Anthropic now has a defensive cyber distribution surface that runs on Opus 4.7 (already GA), routes through the security vendors a Fortune 500 CISO already buys from, and does not require a controlled-access perimeter or a sovereign negotiation. AISI’s 73% expert-task number on Mythos Preview defines the offensive bound that the defender side has to keep up with; Claude Security plus the six-vendor coalition is the answer. The result is that the cyber line in the Anthropic revenue stack is no longer one-channel-one-customer-at-a-time. It is two channels: the policy-gated offensive lane, which is large per-customer and slow per-deal; and the commercial defensive lane, which is broad-distribution and ships at the speed of the channel. The two together are what the cyber-revenue line in the IPO model has to be built around now — not Mythos alone.