Last week Anthropic launched Claude Code Security, a new feature built directly into Claude Code that scans codebases for vulnerabilities the way a human security researcher would. Not rule-based. Not pattern-matching against known exploits. Actual contextual reasoning across your code. The market reacted the way it always reacts to something it doesn’t fully understand: with panic. SAST stocks collapsed. CrowdStrike fell 8%. Okta dropped 9.2%. The Global X Cybersecurity ETF hit its lowest point since November 2023.
To be clear about what this is: Claude Code is Anthropic’s agentic coding assistant. Claude Code Security is a specific capability within it, focused on vulnerability detection. It is not a full security platform. It is a very powerful Shift Left tool. And that distinction matters enormously for how we should be thinking about what it actually changes.
Here’s my actual take: Claude Code is one of the best Shift Left tools we’ve seen in years. It is not enough. And if we treat it like it is, we’ll look back on this moment the same way we look back on the early days of Shift Left, wondering how we managed to move the problem without actually solving it.
Adopt the AI. That Part Is Not Up for Debate.
Let me be direct about something before anything else: agentic AI tools are not optional anymore. Claude, vibe coding, and AI-assisted development in general are becoming standard parts of how software gets built. Engineers who use them ship faster. And frankly, the code that comes out is often more security-aware than what a tired developer writes at 4 PM on a Friday.
If your organization is still debating whether to adopt AI coding tools, you have already lost ground. The question is not whether to adopt. The question is how to adopt without creating the same blind spots every previous wave of tooling has created. That distinction matters more than most people realize right now.
The Shift Left Lesson We Keep Refusing to Learn.
We have been here before. Shift Left arrived with real promise: move security earlier into the development lifecycle, catch problems before they ship, make developers part of the solution. The concept was right. The execution is where it fell apart.
What Shift Left actually did, in most organizations, was move the problem into every developer’s IDE and call it solved. Security responsibility got pushed onto engineers without giving them, or the security teams behind them, the context to act on it effectively. You can’t hand a developer a tool and say good luck. That’s not a collaboration. That’s delegation without infrastructure.
The attack surface did not shrink. It became diffuse and harder to track. And over time, it became clear that Shift Left only works when it is married to Shift Right: the runtime monitoring, the detection, the continuous oversight that gives all those preventative tools something real to stand on.
Claude Code Security is on the same trajectory. The enthusiasm is the same. The assumptions are the same. And if we don’t build the oversight layer in parallel, we will end up in the same place: faster vulnerability detection in development, larger blind spots in production, and a security posture that looks more complete than it actually is.
What Claude Code Cannot Tell You.
Claude Code Security is genuinely impressive at what it does. It scans your codebase before anything runs, finds vulnerabilities that static tools miss, and surfaces them for human review. That is valuable and we should use it.
But it operates entirely at the pre-deployment layer. Once your code ships and your AI agents are live in your environment, Claude Code Security is no longer in the picture. And that is exactly where the questions that keep security teams up at night begin.
- What credentials did that AI agent just create?
- Which vault did it access?
- Is that redacted secret actually dead?
These are runtime questions. They live in the space between what your AI agent was authorized to do and what you can actually verify it did. Claude Code, the agentic assistant, is writing and executing code, spinning up processes, touching systems, and creating non-human identities in your environment. Claude Code Security scans the code before that happens. It does not watch what those agents do once they are running.
This is not a knock on Anthropic. It is a structural reality of how the security stack works, and it is the same reality that made Shift Left incomplete on its own. Prevention tools operate at the beginning of the lifecycle. They cannot see what happens at runtime. And runtime is where the real exposure lives.
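To make the three runtime questions concrete, here is an added example (not Entro's platform code and not anything Anthropic ships) that answers them over a handful of constructed audit events. The event shapes borrow CloudTrail-style field names (eventName, userIdentity.arn, requestParameters, responseElements, errorCode), but the events, the account id, the deploy-agent role, the allowlist and the revocation record are all made up for the example.

```python
"""Runtime NHI audit over constructed CloudTrail-style events (added example, not vendor code)."""
import json
from datetime import datetime

ACCOUNT = "123456789012"  # constructed account id
# Hypothetical role the coding agent runs under; sessions show up as assumed-role ARNs.
AGENT_PRINCIPAL = f"arn:aws:sts::{ACCOUNT}:assumed-role/deploy-agent/"
ALLOWED_SECRETS = {"prod/db/password"}  # what the agent was authorized to read

# Constructed NDJSON, not real CloudTrail output. The access key id is AWS's documented example value.
RAW_EVENTS = """\
{"eventTime": "2025-03-03T14:01:00Z", "eventName": "CreateAccessKey", "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/deploy-agent/run-17"}, "requestParameters": {"userName": "svc-deploy-bot"}, "responseElements": {"accessKey": {"accessKeyId": "AKIAIOSFODNN7EXAMPLE", "userName": "svc-deploy-bot"}}}
{"eventTime": "2025-03-03T14:02:10Z", "eventName": "GetSecretValue", "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/deploy-agent/run-17"}, "requestParameters": {"secretId": "prod/db/password"}}
{"eventTime": "2025-03-03T14:02:45Z", "eventName": "GetSecretValue", "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/deploy-agent/run-17"}, "requestParameters": {"secretId": "prod/payments/api-key"}}
{"eventTime": "2025-03-03T14:03:00Z", "eventName": "GetSecretValue", "errorCode": "AccessDeniedException", "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/deploy-agent/run-17"}, "requestParameters": {"secretId": "legacy/ci-token"}}
{"eventTime": "2025-03-03T14:05:00Z", "eventName": "GetSecretValue", "userIdentity": {"arn": "arn:aws:iam::123456789012:user/svc-deploy-bot"}, "requestParameters": {"secretId": "legacy/ci-token"}}
{"eventTime": "2025-03-03T14:06:00Z", "eventName": "GetSecretValue", "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"}, "requestParameters": {"secretId": "prod/db/password"}}
"""


def parse_time(ts: str) -> datetime:
    # fromisoformat() only accepts a trailing "Z" from Python 3.11 on, so normalise it.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


# Constructed revocation record: the secret was marked revoked/redacted at 14:00.
REVOCATIONS = {"legacy/ci-token": parse_time("2025-03-03T14:00:00Z")}


def load_events(raw: str) -> list[dict]:
    return [json.loads(line) for line in raw.splitlines() if line.strip()]


def is_agent(ev: dict) -> bool:
    return ev.get("userIdentity", {}).get("arn", "").startswith(AGENT_PRINCIPAL)


def credentials_created(events: list[dict]) -> list[tuple]:
    """Q1: which long-lived credentials did the agent mint? The new key id lives in responseElements."""
    found = []
    for ev in events:
        if not is_agent(ev) or ev.get("errorCode"):
            continue
        if ev["eventName"] == "CreateAccessKey":
            key = ev["responseElements"]["accessKey"]
            found.append(("CreateAccessKey", key["userName"], key["accessKeyId"]))
        elif ev["eventName"] == "CreateUser":
            found.append(("CreateUser", ev["responseElements"]["user"]["userName"], None))
    return found


def secrets_accessed(events: list[dict]) -> tuple[dict, list[str]]:
    """Q2: which secrets did the agent successfully read, and which were outside its allowlist?"""
    reads: dict[str, int] = {}
    for ev in events:
        if is_agent(ev) and ev["eventName"] == "GetSecretValue" and not ev.get("errorCode"):
            sid = ev["requestParameters"]["secretId"]
            reads[sid] = reads.get(sid, 0) + 1
    return reads, sorted(set(reads) - ALLOWED_SECRETS)


def revoked_still_used(events: list[dict], revocations: dict[str, datetime]) -> list[tuple]:
    """Q3: a 'redacted' secret is only dead if no read of it succeeds after the revocation time.
    Any principal counts here, including identities the agent created for itself."""
    alive = []
    for ev in events:
        if ev["eventName"] != "GetSecretValue" or ev.get("errorCode"):
            continue
        sid = ev["requestParameters"]["secretId"]
        if sid in revocations and parse_time(ev["eventTime"]) > revocations[sid]:
            alive.append((sid, ev["eventTime"], ev["userIdentity"]["arn"]))
    return alive


def audit(raw: str = RAW_EVENTS) -> dict:
    events = load_events(raw)
    return {
        "created": credentials_created(events),
        "secrets": secrets_accessed(events),
        "not_dead": revoked_still_used(events, REVOCATIONS),
    }


if __name__ == "__main__":
    for question, answer in audit().items():
        print(question, answer)
```

The interesting finding in the constructed data is the chain: the agent's session creates an access key for svc-deploy-bot, and that new identity then reads a secret that was supposedly revoked five minutes earlier. No pre-deployment scan of the agent's code would surface either step; only the runtime record ties the new identity back to the agent and shows the "dead" secret is still live.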
Why NHI Detection Has to Come First.
At Entro, we learned this the hard way, through actually building the platform and seeing where things break. The principle we kept coming back to is simple: you cannot remediate what you do not monitor.
Before any Shift Left tool can do its job properly, you need full context on what is in your environment. Every service account. Every API key. Every bot and automated process. Every non-human identity that exists across your infrastructure, what it can access, what it has accessed, and whether that activity is authorized and visible to anyone on your team.
That is what NHI detection and monitoring provides. And only once you have that foundation does everything else become meaningful. Pre-commit hooks work because you understand the context they are operating in. Auto-rotation makes sense because you know what secrets exist and where they live. Zero Trust conditional access has teeth because you can actually verify identity and behavior rather than assuming it.
Without that Shift Right context, Shift Left tools are not solving the problem. They are just moving it earlier and making it harder to see.
No Single Tool Wins. That Is Not a Weakness, It Is the Point.
Think about how infrastructure works. Few serious engineering organizations bet everything on a single cloud provider. Vendor lock-in is treated as an architectural risk, something to be designed around from the start. The same logic applies to security, and it applies even more urgently when AI is involved.
Claude Code Security is an excellent tool. It belongs in the stack. But a stack built entirely around it, or any single tool, is exactly what attackers count on. Blind spots are not accidents. They are the predictable result of over-delegating to a single solution and stopping there.
The organizations that get AI security right will be the ones that treat adoption and oversight as parallel workstreams, not sequential ones. You do not get the visibility platform in place after you have already deployed the agents. You build them together.
CISOs who have built real security programs understand this instinctively. Security is not a product decision. It is an architectural one. And good architecture does not rely on any single component to carry the entire load.
The Real Question.
The Claude Code Security release is not an apocalypse for traditional security. It is a signal that the industry is moving faster than most security programs are built to track. That is worth taking seriously.
Shift Left did not fail because the concept was wrong. It failed because we treated it as a destination rather than one part of a larger system. We cannot afford to make that mistake again with AI, and at the pace this category is moving, there will not be much time to course-correct after the fact.
So the question I keep coming back to is this: are we actually learning from the Shift Left era, or are we about to repeat it with AI?
Because here is what we know for certain. Every AI agent you deploy is a non-human identity. It holds credentials, it accesses systems, it makes decisions at runtime that no Shift Left tool will ever see. The attack surface is not just the code your agents write. It is what those agents do once they are live, what they touch, what they can reach, and whether anyone is actually watching.
Adopt the AI. Use the agents. But the organizations that get this right will be the ones that treat NHI visibility as the foundation, not an afterthought. You cannot secure what you cannot see, and right now most teams cannot see their agents at all.
That is the gap. And it is exactly the one attackers are looking for.