Claude Code Now Catches Security Bugs as You Write - Free Anthropic Plugin Goes Live
Summary Report
Anthropic has launched a free security-guidance plugin for Claude Code that scans every file edit, model output, and commit in real time, flagging dangerous patterns before they land in pull requests.
- 01. Free security-guidance plugin for Claude Code, available on all plans.
- 02. Hooks into every file edit, model output, and commit with deterministic pattern matching.
- 03. Flags dangerous constructs like eval, os.system, pickle deserialisation, and dangerouslySetInnerHTML.
- 04. Internal testing cut security-related pull request comments by thirty to forty percent.
- 05. Cleared one hundred and fifty seven thousand downloads in the first twenty four hours.
Anthropic has launched a free security plugin for Claude Code that automatically reviews code as developers write it, flagging dangerous patterns before they reach pull requests. The plugin integrates directly into the development workflow, monitoring every file edit, model output, and commit.
The plugin uses deterministic pattern matching to identify common security vulnerabilities including eval statements, os.system calls, pickle deserialisation, dangerouslySetInnerHTML usage, and other constructs frequently cited in CVE reports. Internal testing showed the plugin reduced security-related comments on pull requests by 30-40%, addressing the repetitive nature of flagging the same recurring security mistakes in code reviews.
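As an illustration of deterministic matching for the constructs named above (an added example, not the plugin's own code; the rule set, function names and sample inputs are constructed here), the following Python walks the AST and resolves import aliases, so a renamed os.system or pickle.loads call is still flagged while the same text inside a comment or string is not:

```python
import ast
import re

# Constructed rule set, based on the constructs the article names.
RISKY_CALLS = {"eval", "os.system", "pickle.load", "pickle.loads"}
JSX_PROP = re.compile(r"\bdangerouslySetInnerHTML\b")

def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else None

def scan_python(source):
    """Walk the AST so comments and string literals never match."""
    tree = ast.parse(source)
    aliases = {}  # local name -> fully qualified name
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            prefix = getattr(node, "module", None)
            for a in node.names:
                aliases[a.asname or a.name] = f"{prefix}.{a.name}" if prefix else a.name
    findings = []
    for node in ast.walk(tree):
        name = dotted_name(node.func) if isinstance(node, ast.Call) else None
        if name:
            head, dot, rest = name.partition(".")
            full = aliases.get(head, head) + dot + rest
            if full in RISKY_CALLS:
                findings.append((node.lineno, full))
    return sorted(findings)

def scan_jsx(source):
    """Line-based match for the React prop; returns (line, rule) pairs."""
    lines = enumerate(source.splitlines(), 1)
    return [(n, "dangerouslySetInnerHTML") for n, line in lines if JSX_PROP.search(line)]

# Constructed sample inputs.
SAMPLE_PY = '''\
import pickle as p
from os import system as run
# eval("x") in a comment is not a call
def handle(blob, cmd):
    obj = p.loads(blob)
    run(cmd)
    return eval(obj["expr"])
'''
SAMPLE_JSX = 'function Bio({ html }) {\n  return <div dangerouslySetInnerHTML={{ __html: html }} />;\n}\n'
```

A plain text search for "os.system" would miss the aliased run(cmd) call on line 6 of the sample and would wrongly flag the comment on line 3.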
The release timing follows recent security disclosures, with four research teams publishing remote code execution vulnerabilities in Claude Code itself earlier this month. The security plugin appears to be part of Anthropic's response to these findings, demonstrating a proactive approach to addressing security concerns.
Developers can install the plugin with a single slash command: /plugin install security-guidance@claude-plugins-official. The tool gained significant traction immediately, recording 157,000 downloads within its first 24 hours of availability.