According to The Rundown AI, Anthropic partnered with Mozilla and used Claude Opus 4.6 to analyze Firefox’s C++ codebase for two weeks, scanning nearly 6,000 files, submitting 112 reports, confirming 22 vulnerabilities, and earning 14 high‑severity ratings from Mozilla, accounting for roughly one fifth of recent high‑severity Firefox issues. As reported by The Rundown AI, this targeted code audit highlights practical enterprise use cases for LLM‑based security testing, including faster triage of memory safety defects common in large C++ projects and scalable bug discovery that can complement human review in secure software development lifecycles. According to The Rundown AI, the collaboration underscores a growing market opportunity for AI‑assisted application security tooling, where models like Claude Opus 4.6 can reduce mean time to detect, prioritize high‑impact findings, and expand coverage across legacy code, creating potential ROI for vendors integrating LLMs into static analysis, fuzzing workflows, and CI pipelines.

According to OpenAI on X, Codex Security—an application security agent—has entered research preview, aimed at helping developers detect and remediate code and dependency risks in real time (source: OpenAI post; original details: OpenAI blog). According to the OpenAI blog, the agent integrates with developer workflows to analyze codebases, surface vulnerabilities, and suggest fixes, targeting use cases like secure code review, secrets detection, and third‑party package risk assessment. As reported by OpenAI, early capabilities focus on static analysis augmentation and policy-aware remediation guidance, positioning Codex Security as a co-pilot for AppSec teams to reduce mean time to remediation and shift-left security in CI pipelines. According to OpenAI, the research preview invites security and engineering teams to test integrations and provide feedback on accuracy, latency, and safe deployment, signaling new opportunities for vendors to build agentic security tooling and for enterprises to automate compliance checks and vulnerability triage.

According to @bcherny on X, Anthropic is rolling out Claude Code Security as a limited research preview for Team and Enterprise customers, after the tool surfaced "impressive (and scary)" security issues in internal testing. According to Anthropic’s announcement, the system scans entire codebases for vulnerabilities and proposes targeted software patches for human review, aiming to catch issues traditional static analysis tools miss, which could shorten remediation cycles and reduce mean time to resolve for AppSec teams. As reported by Anthropic, the launch prioritizes secure-by-default workflows where developers receive concrete diff-style patch suggestions and explanations, potentially improving developer adoption versus alert-only scanners and creating new opportunities for enterprise security platforms and MSSPs to integrate AI-assisted remediation.

According to @bcherny, Claude Code ships with a permission model that combines prompt injection detection, static analysis, sandboxing, and human oversight to control tool execution, as reported on Twitter and documented by Anthropic at code.claude.com/docs/en/permissions. According to the Anthropic docs, teams can run /permissions to expand pre-approved commands by editing allow and block lists and checking them into settings.json for organization-wide policy enforcement. According to @bcherny, full wildcard syntax is supported for granular scoping, for example Bash(bun run *) and Edit(/docs/**), enabling safer automation while reducing friction for common developer workflows. According to the Anthropic docs, this approach helps enterprises standardize guardrails, mitigate prompt injection risks, and accelerate adoption of agentic coding assistants in CI, repositories, and internal docs.