Anthropic Introduces Code Review via Claude Code to Automate Complex Security Research Using Advanced Multi-Step Reasoning Loops

In the frenzied arms race of ‘AI for code,’ we’ve moved past the era of glorified auto-completion. Today, Anthropic doubles down on a more ambitious idea: an AI agent that not only writes your boilerplate, but actually understands why your Kubernetes cluster is screaming at 3:00 AM.
With the recent introduction of Claude Code and its high-octane Code Review capabilities, Anthropic signals a shift from ‘chatbot’ to ‘editor.’ For devs drowning in legacy technical debt, the message is clear: the bar for ‘good enough’ code has been raised.
Agentic Leap: Beyond Static Analysis
The core of this update is the shift to agentic coding. Unlike traditional Static Application Security Testing (SAST) tools that rely on strict pattern matching, Claude Code acts as an agent. According to Anthropic’s latest internal benchmarks, the model can now chain together an average of 21.2 independent tool calls (such as editing files, running terminal commands, and navigating directories) without requiring human intervention. That’s a 116% increase in autonomy over the past six months.
This means that Claude is not looking at just one file; it’s reasoning across your entire repository. It uses a special CLAUDE.md file, the AI’s ‘handbook,’ to understand project-specific protocols, data pipeline dependencies, and infrastructure specifics.
Inside the ‘Code Review’ engine
When you run a review with Claude Code, the model doesn’t just look for missing semicolons. It applies what Anthropic calls frontier cybersecurity reasoning.
Take the recent pilot with Mozilla Firefox. In just two weeks, Claude Opus 4.6 scanned the browser’s vast codebase and revealed 22 vulnerabilities. Even more impressively, 14 of those were classified as high severity. To put that in perspective: the entire global security research community typically reports about 70 such bugs for Firefox in a full year.
How does it do it?
- Logical Reasoning Over Pattern Matching: Instead of looking for ‘known bad’ strings, Claude reasons about algorithms. In the CGIF library, it detected a buffer overflow by analyzing the LZW compression logic, a bug that had eluded traditional fuzzing for decades.
- Multi-Step Verification: All findings go through a self-correction loop. Claude tries to ‘refute’ its own vulnerability report to filter out the false positives that often plague AI-generated reviews.
- Repair Instructions: It doesn’t just point at the fire; it gives you a fire extinguisher. The tool suggests targeted patches that developers can approve or iterate on in real time within the CLI.
Technology Stack: MCP and ‘Auto Accept’ Mode
Anthropic is pushing the Model Context Protocol (MCP) as the standard for how these agents interact with your data. By using MCP servers instead of raw CLI access for sensitive data (like BigQuery), dev teams can maintain granular security logging while allowing Claude to perform complex data migration or infrastructure debugging.
One of the features making waves is Auto-Accept Mode (toggled with Shift+Tab). This allows devs to set up autonomous loops where Claude writes code, runs tests, and iterates until the tests pass. It’s ‘vibe coding’ at business speed, although Anthropic cautions that people should still be the final gatekeepers of critical business logic.
Key Takeaways
- Transition to Agentic Autonomy: We’ve gone beyond simple code completion to agentic coding. Claude Code can now chain together an average of 21.2 independent tool calls (editing files, running terminal commands, and navigating directories) without human intervention, a 116% increase in autonomy over the past six months.
- High-Risk Detection: In a landmark pilot with Mozilla, Claude uncovered 22 distinct vulnerabilities in Firefox in just two weeks. 14 were high severity, representing approximately 20% of the high-severity bugs typically found by the global research community in a full year.
- Logical Reasoning vs Pattern Matching: Unlike traditional SAST tools that look for ‘known bad’ code strings, Claude uses frontier cybersecurity reasoning. It identified a decades-old heap buffer overflow in the CGIF library by logically analyzing the LZW compression algorithm, a flaw that had evaded both expert human review and automated fuzzing.
- Standardized Context with CLAUDE.md and MCP: Professional integration now depends on a CLAUDE.md file to provide the AI with a project-specific ‘manual’ and on the Model Context Protocol (MCP) to allow the agent to securely interact with external data sources such as BigQuery or Snowflake without compromising sensitive credentials.
- ‘Auto Accept’ Workflow: For maximum speed, the Shift+Tab shortcut lets devs switch into Auto-Accept Mode. This enables an autonomous loop in which the agent writes code, runs tests, and iterates until the task is solved, changing the developer’s role from ‘writer’ to ‘programmer/director.’
Max is an AI analyst at MarkTechPost, based in Silicon Valley, who is actively shaping the future of technology. He teaches robots at Brainvyne, fights spam with ComplyEmail, and uses AI every day to translate complex technological advances into clear, understandable information.



