# Government of Alberta uses Claude to find and fix cybersecurity vulnerabilities across government systems

Source: [Anthropic](https://www.anthropic.com/news/alberta-government-claude-cybersecurity)  
Feed7 permalink: https://feed7.dev/p/alberta-government-claude-cybersecurity-059q6cn  
Published: Unknown  
Trust: Official Source (official_source)

## Why Included

Alberta's government ran 50 parallel Claude Code agents over 466M lines of code, compressing a security review estimated at 6.5 years into 20 hours — with every patch still gated on human review.

## Source Summary

**The gist** Alberta's Ministry of Technology and Innovation scanned **466 million lines of code** across 3,400 repositories by running **50 Claude Code agents** in parallel, finishing in **20 hours** a review estimated at 6.5 years. Each pass checked applications against **95 security controls**, in a two-stage flow: pattern-flag repositories first, then re-review for exact file and line citations.

## Practical Implication

**Why it matters** The harness patterns transfer to any large codebase: cheap flagging followed by precise verification, continuous **red team / blue team** review agents, and remediation that writes **tests first** where coverage is missing and rebuilds legacy code rather than patching it — one 25-year-old Java portal scoped at 5 months was rebuilt in **4–5 days**.

## Agent-Ready Context

**The gist** Alberta's Ministry of Technology and Innovation scanned **466 million lines of code** across 3,400 repositories by running **50 Claude Code agents** in parallel, finishing in **20 hours** a review estimated at 6.5 years. Each pass checked applications against **95 security controls**, in a two-stage flow: pattern-flag repositories first, then re-review for exact file and line citations.

**Why it matters** The harness patterns transfer to any large codebase: cheap flagging followed by precise verification, continuous **red team / blue team** review agents, and remediation that writes **tests first** where coverage is missing and rebuilds legacy code rather than patching it — one 25-year-old Java portal scoped at 5 months was rebuilt in **4–5 days**.

**Watch out** It's an Anthropic customer story: no vulnerability counts or fix rates are disclosed, every patch still required **human review** before deployment, and results depend on existing documentation quality. Broader rollout is planned for **fall 2026**, so long-term outcomes are unproven.

## Context Map

- Layer: agent
- Domains: security, coding
- Topics: multi-agent, coding-agents, adoption

## Uncertainty

- It's an Anthropic customer story: no vulnerability counts or fix rates are disclosed, every patch still required **human review** before deployment, and results depend on existing documentation quality. Broader rollout is planned for **fall 2026**, so long-term outcomes are unproven.

## Agent Instruction

Use this item as source-backed context. Do not invent claims beyond the linked source. If this item conflicts with another source, call out the conflict.
