← all news

Anthropic's security partners report Opus running pen tests at hyperscaler scale

AI · · · source (claude.com)

The post is officially a partner showcase, but the numbers inside it are worth pulling out. Wiz says its Red Agent now runs continuous pen tests across more than 150,000 production assets a week, returning "thousands of validated high or critical-severity findings" weekly with zero false positives in its internal samples. Accenture's Cyber.AI says security testing coverage at one engagement moved from about 10 percent to 80 percent across 1,600 applications and 500,000 APIs, with scan turnaround compressed from three to five days down to under one hour. Palo Alto Networks Unit 42 says Opus did "the equivalent of a year's worth of penetration testing effort in under three weeks" in its internal evaluation. CrowdStrike, TrendMicro, Deloitte, PwC, BCG, Infosys, and SentinelOne are listed as building services on the same model. Anthropic's roundup is on the Claude blog at claude.com/blog/how-our-partners-are-putting-opus-to-work-for-cybersecurity.

The common thread is throughput. Pen testing has always been bottlenecked on people who can read code, reason about exploit chains, and stay on task for hours. Anthropic is claiming that Opus is now reliable enough at that loop for vendors to wrap commercial services around it, where the agent does the long iterative work and humans triage findings. That is a stronger claim than "Claude can find a bug if you point it at code", and weaker than "AI is replacing red teams". The number to watch as these services scale beyond their first design partners is the false-positive rate.

Why it matters

If your security team buys one of these tools, the working contract changes: expect more findings per week and more pressure to patch them faster, not less analyst time. The bottleneck moves from "do we know" to "can we fix in time", and that is where staffing and process need to catch up.

AnthropicSecurityEnterprise