cpaua · 1 min

Anthropic security-guidance: Claude plugin that fixes code vulnerabilities

Anthropic released a security plugin: security-guidance

It makes Claude, while working, check its own code changes for common vulnerabilities and immediately fix any issues found in the same session.

It works via hooks and performs code checks at three levels:

- During file changes: looks for potentially dangerous patterns, for example, commonly misused dangerous libraries.
- After each model step: analyzes the entire diff to detect more complex and less obvious security issues.
- During commit creation: examines the surrounding code context to verify and confirm detected vulnerabilities.
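To make the first level concrete, here is an added illustration of a pre-write hook that flags commonly misused dangerous library calls in the text about to be written; it is example code, not Anthropic's plugin, and the stdin JSON shape (`tool_input.content` / `tool_input.new_string`) and the exit-code-2 blocking convention are assumptions about how such a hook is invoked.

```python
"""Illustrative pre-write check in the spirit of the plugin's first level.
Added example, not the plugin's own code. The stdin JSON shape
(tool_input.content / tool_input.new_string / tool_input.file_path) and the
"exit 2 = block and feed stderr back" convention are assumptions."""
import json
import re
import sys

# (pattern, message, exemption): a line is flagged when `pattern` matches and
# `exemption` (if any) does not. Patterns are constructed for this example.
DANGEROUS_PATTERNS = [
    (r"\bpickle\.loads?\(", "pickle deserialises arbitrary objects; avoid on untrusted data", None),
    (r"\byaml\.load\(", "yaml.load without SafeLoader can instantiate arbitrary objects", r"SafeLoader|safe_load"),
    (r"\bsubprocess\.\w+\(.*shell\s*=\s*True", "shell=True enables command injection via string args", None),
    (r"\bos\.system\(", "os.system runs through the shell; prefer subprocess with an argv list", None),
    (r"\b(eval|exec)\(", "eval/exec on data is code execution", None),
    (r"\bverify\s*=\s*False", "TLS certificate verification disabled", None),
]


def scan_for_dangerous_patterns(content):
    """Return [(line_no, message)] for every line that hits a pattern."""
    findings = []
    for line_no, line in enumerate(content.splitlines(), start=1):
        for pattern, message, exemption in DANGEROUS_PATTERNS:
            if re.search(pattern, line) and not (exemption and re.search(exemption, line)):
                findings.append((line_no, message))
    return findings


def main():
    event = json.load(sys.stdin)
    tool_input = event.get("tool_input", {})
    # Assumed: write tools carry the full file, edit tools only the replacement text.
    content = tool_input.get("content") or tool_input.get("new_string") or ""
    findings = scan_for_dangerous_patterns(content)
    if findings:
        path = tool_input.get("file_path", "<unknown>")
        for line_no, message in findings:
            print(f"{path}:{line_no}: {message}", file=sys.stderr)
        sys.exit(2)  # assumed convention: block the write, stderr goes back to the model


if __name__ == "__main__":
    main()
```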

Anthropic:
We actively use this plugin internally at Anthropic.

Based on internal rollout and testing, we’re seeing a 30–40% reduction in security-related comments in PRs created using the plugin.

The plugin serves as a lightweight first stage of review, helping catch issues before a full code review.

You can add organization-specific rules to the file claude-security-guidance.md. Place it in the repository or distribute it via MDM.

The plugin will apply your security policies alongside the built-in checks.

Available to all Claude Code users. You can install it from the plugin marketplace (/plugins).

After installation, the plugin works automatically. There’s no need to run anything extra and no separate commands to remember.

Author
cpaua

VibeCode blog admin. Writing about vibe coding, AI and open source.
