App security outfit Checkmarx says automated reviews in Anthropic's Claude Code can catch some bugs but miss others – and sometimes create new risks by executing code while testing it.
Anthropic introduced automated security reviews in Claude Code last month, promising to ensure that "no code reaches production without a baseline security review." The AI-driven review checks for common vulnerability patterns including authentication and authorization flaws, insecure data handling, dependency vulnerabilities, and SQL injection.
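To make two of those patterns concrete, the following is an added example (not code from Anthropic, Claude Code, or Checkmarx's tests): a single request handler that both interpolates a user-supplied ID into a SQL query and never checks that the caller owns the record, beside a hardened version. The table contents and the `get_document_*` function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data (illustrative only): two users, one document each."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE documents (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)"
    )
    conn.executemany(
        "INSERT INTO documents (id, owner, body) VALUES (?, ?, ?)",
        [(1, "alice", "alice's private notes"), (2, "bob", "bob's private notes")],
    )
    return conn


def get_document_vulnerable(conn, current_user, doc_id):
    """Two of the patterns a baseline review should flag, in one handler.

    1. SQL injection: doc_id is pasted into the query text, so a value such
       as "0 OR 1=1" changes the query rather than the parameter.
    2. Authorization bypass: current_user is accepted but never used, so any
       authenticated caller can read any row simply by guessing its id.
    """
    query = f"SELECT body FROM documents WHERE id = {doc_id}"
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def get_document_hardened(conn, current_user, doc_id):
    """Hardened form of the same handler.

    The id is validated as an integer and bound as a parameter, and the
    ownership check lives in the WHERE clause, so the database only ever
    returns rows the caller is allowed to see.
    """
    try:
        doc_id = int(doc_id)
    except (TypeError, ValueError):
        return None  # reject non-numeric ids instead of building SQL from them
    row = conn.execute(
        "SELECT body FROM documents WHERE id = ? AND owner = ?",
        (doc_id, current_user),
    ).fetchone()
    return row[0] if row else None


def demo():
    """Exercise both handlers as bob, who should only be able to read doc 2."""
    conn = make_db()
    return {
        # bob reads alice's document: the missing ownership check
        "vuln_other_user": get_document_vulnerable(conn, "bob", 1),
        # injected id returns a row even though no document has id 0
        "vuln_injected": get_document_vulnerable(conn, "bob", "0 OR 1=1"),
        "hard_other_user": get_document_hardened(conn, "bob", 1),
        "hard_injected": get_document_hardened(conn, "bob", "0 OR 1=1"),
        "hard_own_doc": get_document_hardened(conn, "bob", 2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The authorization flaw is the interesting one from a tooling perspective: there is no dangerous sink for a pattern matcher to key on, only an argument that is never consulted, which is why a reviewer has to reason about intent rather than syntax to catch it.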
Checkmarx reported that the /security-review command in Claude Code was successful in finding simple vulnerabilities such as XSS (cross-site scripting) and even an authorization bypass issue that many static analysis tools might miss. However, it was defeated by a