AI code tools won't make cybersecurity obsolete

Anthropic, OpenAI and Google have unveiled tools that can scan, flag and even propose fixes for vulnerabilities in code. Anthropic's Claude Code Security and OpenAI's Aardvark automate discovery of flaws and suggest patches, while DeepMind's CodeMender has both proposed and upstreamed fixes to open-source projects.

These offerings are already integrated with the companies' development platforms and threaten some traditional AppSec and observability products. Even so, scanning and patching source code addresses only part of the problem. Modern software is an “artifact” made of libraries, containers and compiled releases, and many risks arise in the packaging, supply chain and runtime environments that code scanning alone cannot eliminate.

Security also depends on network and endpoint protections, identity and access controls, real-time monitoring and human incident response.

anthropic, openai, google, deepmind, code scanning, code patching, vulnerabilities, appsec, supply chain, observability