Core Conclusion
Anthropic completed two important updates this week: opening the Claude Security API to a wider public, and adding task classification and kanban mode to Claude Code cloud version. These updates signal that Anthropic is transforming security capabilities from internal tools into platform services that can be widely integrated.
Meanwhile, Cursor launched its competing AI Agent Harness just 2 hours after Anthropic released its security review feature. Competition in the AI programming security track is accelerating.
Claude Security API Opening
Previously, Claude Security was primarily an internal tool or small-partner security review tool at Anthropic. This opening means:
- Third-party integration: Developers can embed Claude’s security review capabilities into their own CI/CD pipelines, IDEs, or code hosting platforms
- Scaled deployment: Enterprises can automate security review, no longer relying on manual code review
- Cost transparency: API model means pay-per-call pricing, making it affordable for small and medium enterprises
Security Review Scope
| Review Dimension | Description |
|---|---|
| Vulnerability Detection | Automatically identifies common security vulnerabilities (SQL injection, XSS, credential leaks, etc.) |
| Dependency Security | Checks third-party libraries for known vulnerabilities and license risks |
| Code Patterns | Identifies insecure design patterns and anti-patterns |
| Fix Suggestions | Provides specific remediation plans for each discovered issue |
Claude Code Cloud Version: Kanban Mode Prototype
Claude Code cloud version now automatically classifies tasks into the following states:
| Status | Meaning |
|---|---|
| Needs Attention | Task execution encountered obstacles, requires human intervention |
| Awaiting Review | Task completed, awaiting user confirmation |
| In Progress | Task currently executing |
| Completed | Task successfully finished |
| Error | Task execution failed, requires troubleshooting |
This is clearly laying the groundwork for a subsequent kanban mode. Based on community feedback, Claude Code’s design draws partial inspiration from task management experiences in open-source projects like Multica.
Why Kanban Mode Matters
For teams running multiple Claude Code tasks simultaneously:
- Visual management: See at a glance which agents are running and which are stuck
- Priority adjustment: Pause low-priority tasks to let high-priority tasks run first
- Rapid error localization: Failed agents are highlighted, no need to dig through logs
Competitive Comparison: Anthropic vs Cursor
| Dimension | Claude Security (Anthropic) | AI Agent Harness (Cursor) |
|---|---|---|
| Review Model | Claude series | Custom security model |
| Execution Mode | Cloud API | Local or cloud |
| Model Flexibility | Claude only | Supports any model |
| PR Review | ✅ Automatic review of every PR | ✅ Automatic review + Slack push |
| Scheduled Scanning | To be confirmed | ✅ Scheduled scans + result push |
| Open Source | ❌ | ✅ Harness framework open source |
| IDE Integration | Claude Code | Cursor IDE native |
Notably, Cursor launched its competitive product just 2 hours after Anthropic released its security review feature, claiming “more features.” This rapid response indicates that AI programming security is becoming one of the most fiercely competitive tracks of 2026.
Industry Trend: From “Manual Review” to “AI Continuous Monitoring”
Previously, code security review was a manual step in the PR process. Now:
- Anthropic: Claude Security detects security issues in real-time during agent task execution
- Cursor: Always-on security agents continuously scan the entire codebase, pushing findings to Slack
- GitHub: Dependabot + CodeQL provide basic dependency and static analysis
In the next 6-12 months, we expect to see:
- Security review becoming a standard feature of AI programming tools
- Security agents running in parallel with development agents, forming a “develop-review-fix” closed loop
- Open APIs for security capabilities, allowing enterprises to integrate into existing security workflows
Action Recommendations
- Anthropic users: Watch for Claude Security API availability timing and pricing, evaluate whether it’s worth migrating existing security review processes to the API.
- Cursor users: AI Agent Harness is open source — try its security scanning capabilities locally.
- Team managers: If your team generates a large number of PRs daily, consider introducing automated security review agents to reduce manual review burden.
- Security teams: The opening of Claude Security API means AI security review can be integrated into existing Security Operations Center (SOC) workflows.
- Observers: This track is evolving rapidly. Try the open-source option (Cursor Harness) first before evaluating whether paid commercial solutions are needed.