Anthropic Unveils Real-Time Security Plugin for Claude Code, Enhancing Developer Workflow and Reducing Vulnerabilities
May 27, 2026
Anthropic rolled out a security-guidance plugin for Claude Code that reviews code changes in real time to catch vulnerabilities as developers write, serving as a lightweight first pass before full code reviews.
The Security Guidance Plugin operates in three integrated stages: an initial lightweight check during edits, a deeper look at the complete git diff after each model turn, and the deepest review during commits or pushes via Claude's Bash tool.
Stage three validates findings by examining surrounding files, sanitizers, and related code paths during commits or pushes to reduce false positives.
Stage two leverages the full context of the generated git diff to catch issues missed by pattern checks, including authorization bypass, insecure object references, server-side request forgery, injection flaws, and weak cryptography.
Developers can extend all three layers with custom rules and repository-specific security checks, enabling tailored security governance.
The plugin is available for free to all Claude Code users, with instant checks that don’t consume model usage costs; deeper reviews draw on Claude’s standard usage budget.
Requirements include Claude Code version 2.1.144 or later and Python 3.8 or newer; lightweight checks run in any directory, while deeper reviews require a git repository.
The full Claude Code Security system uses AI reasoning with models such as Opus 4.6 to perform scans beyond regex, identifying subtle logic and data-flow issues that traditional static analysis may miss.
Investors weighed AI-native security tooling embedded in developers’ workflows after the February 2026 reveal, with stocks of major cybersecurity vendors slipping.
In practice, the system guides developers through three stages: a pre-edit check without a model, a post-model diff analysis, and a final, deepest review during commits via the Bash tool.
Stage one targets risky constructs and libraries (like eval, new Function, os.system, child_process.exec) and unsafe DOM patterns such as dangerouslySetInnerHTML and innerHTML usage.
The plugin focuses on common security flaws—such as injection, unsafe deserialization, and insecure DOM APIs—to reduce later manual reviews.
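To make the stage-one idea concrete, here is an added illustration of a model-free pattern pass over the constructs named above. It is not Anthropic's plugin code; the rule names, regular expressions, file-extension mapping and sample inputs are all constructed for this example.

```python
import re
from typing import List, Tuple

# Constructed rule set limited to the constructs the article names; the
# plugin's real rules are not shown on this page.
EVAL = ("eval", re.compile(r"(?<![\w.])eval\s*\("))  # skips literal_eval( and model.eval()
RULES = {
    "python": [EVAL, ("os.system", re.compile(r"\bos\.system\s*\("))],
    "javascript": [
        EVAL,
        ("new Function", re.compile(r"\bnew\s+Function\s*\(")),
        # matches child_process.exec( and require("child_process").exec(, not execFile(
        ("child_process.exec", re.compile(r"child_process['\"]?\)?\.exec\s*\(")),
        ("dangerouslySetInnerHTML", re.compile(r"\bdangerouslySetInnerHTML\b")),
        # assignment or +=, but not == / === comparisons
        ("innerHTML assignment", re.compile(r"\.innerHTML\s*\+?=(?!=)")),
    ],
}
COMMENT = {"python": "#", "javascript": "//"}
EXTENSIONS = {".py": "python", ".js": "javascript", ".jsx": "javascript"}

def scan(path: str, source: str) -> List[Tuple[int, str]]:
    """Return (line number, rule name) for each risky construct found."""
    lang = next((l for ext, l in EXTENSIONS.items() if path.endswith(ext)), None)
    if lang is None:
        return []  # unknown file type: nothing to check
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith(COMMENT[lang]):
            continue  # whole-line comments only; trailing comments are still scanned
        for name, pattern in RULES[lang]:
            if pattern.search(line):
                findings.append((number, name))
    return findings

# Constructed sample inputs.
PY_SAMPLE = ('import os, ast\n# eval(x) in a comment\nvalue = ast.literal_eval(raw)\n'
             'model.eval()\nresult = eval(raw)\nos.system("ping " + host)\n')
JS_SAMPLE = ('require("child_process").exec("ls " + dir);\nconst f = new Function("a", body);\n'
             'el.innerHTML = comment;\nif (el.innerHTML === "") {}\n'
             '<div dangerouslySetInnerHTML={{__html: html}} />\n')

if __name__ == "__main__":
    for path, src in (("app.py", PY_SAMPLE), ("view.jsx", JS_SAMPLE)):
        for number, name in scan(path, src):
            print(f"{path}:{number}: {name}")
```

A pass like this cannot tell whether the flagged value is attacker-controlled, which is the gap the diff-level and commit-level stages described above are meant to cover.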
Summary based on 3 sources
Sources

Crypto Briefing • May 26, 2026
Anthropic releases security-guidance plugin for Claude Code to catch vulnerabilities in real time
Help Net Security • May 27, 2026
Claude now reviews and fixes vulnerabilities as you write code
The Tech Outlook • May 27, 2026
Claude Code Gets New Security Guidance Plugin to Identify and Fix Vulnerabilities