“Cyber is on shaky ground, but this is also an opportunity”: Anthropic’s Claude Code Security forces reckoning
Investors warn new vulnerability scanner could disrupt code-security firms while empowering attackers.
The bombshell Anthropic dropped on the cybersecurity industry is causing a stir not only on Wall Street, but also among cyber investors.
On Friday, shares of cybersecurity companies fell sharply in trading on Wall Street after Anthropic released a new product that scans organizations’ code and identifies security vulnerabilities. On Saturday, in conversations with Calcalist, two senior Israeli investors assessed how the latest development could affect the industry.
According to Shay Michel, a managing partner at Merlin Ventures, the launch is expected to make waves in the Israeli market, not only as a competitive threat to cybersecurity companies, but also as a new force in the hands of attackers.
“From the offensive side, we will see much more complex and frequent attacks,” Michel told Calcalist. “With the ability to write code quickly, the attacker’s ability is going to be much stronger.”
Kobi Samboursky, a managing partner at Glilot Capital, believes that deep expertise in cybersecurity remains critical, and therefore the threat to cyber companies is not existential.
“Small companies will be able to make do with Claude’s capabilities, but large companies will not be able to make do with it,” Samboursky said. According to him, companies that scan code and warn about failures were already in trouble even before Claude, and the problems will grow significantly now as well.
Over the weekend, Anthropic released a dedicated tool for scanning code, a Vulnerability Scanner, based on its most advanced models, including Claude Opus 4.6. Unlike traditional tools that operate according to fixed rules (static analysis), Anthropic’s tool “thinks” like a human security researcher: it maps the data flow in the application and identifies complex logic failures that regular tools miss. The tool not only finds vulnerabilities, but also suggests corrected code for developer approval.
According to the company, the system was able to find more than 500 security vulnerabilities in production open-source code that had existed for decades and had not been discovered until now.
“There are many cyber companies that could be affected,” Michel said. “Many cyber companies that scan and detect faults could be affected. Companies need to adapt to the new era or they will be affected by Claude’s product.”
Michel warned that the implications go beyond competition among defensive vendors.
“Claude’s new product can significantly strengthen the attackers. They have been given the ability to write secure code and they will know how to use it,” he said. “There is pressure in the short term, but many organizations that adapt to AI will overcome this in the best way. We are moving to companies that are only native AI security. There are no more companies that do not have AI as their basis, and those that do not will need to adapt very quickly. This is a good opportunity to establish companies in the field.”
According to Michel, “This is a significant boost to innovation. The risk for big brands is not that someone will recreate Splunk or CrowdStrike overnight, the risk is that the costs of migration drop to almost zero, thanks to AI agents managing the migration process. You can no longer just ‘sit’ on your customers’ data and workflows and use them as a moat to keep them locked in your ecosystem. Once someone builds a product that solves the same problem better, they can now migrate your customers to it much more easily.”
Samboursky said the broader implications extend across the software industry.
“The entire world of writing code is changing before our eyes,” he said. “A significant part of the cloud is being developed today. The entire process of writing code and software, their testing and security, is under threat. Companies that are involved in software development and protection of the code are on very unstable ground. We are now in the cyber world in a difficult area, on shaky ground, and it is not easy for companies operating in the field.”
Still, Samboursky does not believe the industry will disappear.
“Claude will not wipe out the market and companies will remain here, but they will have to move to other places,” he said. “It’s not easy for companies operating in the field, but it’s also an opportunity, because IT managers are looking for the security that cyber companies provide.”
