feed7.dev
Sign InStart Agent Brain
AnthropicEngineering PostOfficial Source

Government of Alberta uses Claude to find and fix cybersecurity vulnerabilities across government systems

Alberta's government ran 50 parallel Claude Code agents over 466M lines of code, compressing a security review estimated at 6.5 years into 20 hours — with every patch still gated on human review.

Anthropic
Open Source Open MarkdownOpen JSON
Source Summary

**The gist** Alberta's Ministry of Technology and Innovation scanned **466 million lines of code** across 3,400 repositories by running **50 Claude Code agents** in parallel, finishing in **20 hours** a review estimated at 6.5 years. Each pass checked applications against **95 security controls**, in a two-stage flow: pattern-flag repositories first, then re-review for exact file and line citations.

Practical Implication

**Why it matters** The harness patterns transfer to any large codebase: cheap flagging followed by precise verification, continuous **red team / blue team** review agents, and remediation that writes **tests first** where coverage is missing and rebuilds legacy code rather than patching it — one 25-year-old Java portal scoped at 5 months was rebuilt in **4–5 days**.

Agent-Ready Context
**The gist** Alberta's Ministry of Technology and Innovation scanned **466 million lines of code** across 3,400 repositories by running **50 Claude Code agents** in parallel, finishing in **20 hours** a review estimated at 6.5 years. Each pass checked applications against **95 security controls**, in a two-stage flow: pattern-flag repositories first, then re-review for exact file and line citations.

**Why it matters** The harness patterns transfer to any large codebase: cheap flagging followed by precise verification, continuous **red team / blue team** review agents, and remediation that writes **tests first** where coverage is missing and rebuilds legacy code rather than patching it — one 25-year-old Java portal scoped at 5 months was rebuilt in **4–5 days**.

**Watch out** It's an Anthropic customer story: no vulnerability counts or fix rates are disclosed, every patch still required **human review** before deployment, and results depend on existing documentation quality. Broader rollout is planned for **fall 2026**, so long-term outcomes are unproven.
Context Map
agentsecuritycoding#multi-agent#coding-agents#adoption
Uncertainty
It's an Anthropic customer story: no vulnerability counts or fix rates are disclosed, every patch still required **human review** before deployment, and results depend on existing documentation quality. Broader rollout is planned for **fall 2026**, so long-term outcomes are unproven.