Anthropic’s Claude Code Security Triggers Flash Crash in Cybersecurity Stocks

First it was SaaS stocks in general, now it’s the shares of cybersecurity companies in particular: On February 20, 2026, Anthropic introduced a new feature called Claude Code Security that automatically scans codebases for security vulnerabilities and suggests patches for human review. The announcement triggered a significant stock price decline at exchanges for established cybersecurity companies. Shares of CrowdStrike and Cloudflare each lost around 8 to 10 percent, and the Global X Cybersecurity ETF fell by nearly 9 percent.

The Anthropic effect with its Claude LLMs on software already became noticeable in January. Claude Cowork caused investors to see no great future in software-as-a-service business models; based on the assumption that in the future AI agents will perform tasks rather than people using software in office environments. It should be noted that Claude Code Security is not yet available everywhere, and it remains to be seen how effective it actually is.

This type of crash is now affecting cybersecurity shares through Claude Code Security. Here are the stock prices of the following companies and ETFs over the past 5 days:

• CrowdStrike (CRWD)
• Fortinet (FTNT)
• Cloudflare (NET)
• ZScaler (ZS)
• Okta
• Global X Cybersecurity ETF (BUG)

What is Claude Code Security?

Claude Code Security is a feature integrated into the web-based version of Claude Code for automated security analysis of software code. Unlike conventional static analysis tools that rely on predefined patterns and rules, the system uses Large Language Models (LLMs) to analyze code based on context. The tool is designed to identify particularly complex vulnerabilities that rule-based scanners often miss, including business logic errors and faulty access controls.

According to Anthropic, Claude Code Security analyzes code similarly to how a human security researcher would: the system examines how components work together, how data flows through the application, and where potential vulnerabilities lie. In internal tests with the Claude Opus 4.6 model, the company identified over 500 vulnerabilities in productively used open-source projects, some of which had remained undiscovered for decades.

How the Tool Works

The analysis process of Claude Code Security runs in several stages. First, the system scans the entire codebase and identifies potential security gaps. This is followed by a multi-stage verification process in which Claude checks its own results, attempts to confirm or refute them, and filters out false positives.

Validated findings are presented in a dashboard that provides the following information:

• Description of the identified vulnerability
• Severity rating for prioritization
• Confidence value for the reliability of the finding
• Suggested patches for remediation

A central feature is mandatory human review. No change is applied automatically. Developers and security teams must review each suggested patch and explicitly approve it. Anthropic emphasizes that Claude Code Security identifies problems and suggests solutions, but the final decision always rests with humans.

The tool cannot, however, perform runtime tests, send API requests, or validate the exploitability of vulnerabilities in live environments. Dynamic testing and human expertise therefore remain indispensable.

Availability and Access

Claude Code Security is currently in a limited research preview. Access is initially available to the following user groups:

• Enterprise customers of Anthropic
• Team customers of Anthropic
• Maintainers of open-source projects (with accelerated, free access upon request)

According to Anthropic, the preview phase serves to refine the features together with users and ensure responsible deployment. No timeline for general availability has been announced. The company developed the technology over more than a year, including through testing in cybersecurity competitions such as capture-the-flag events and in cooperation with the Pacific Northwest National Laboratory.

Background of Market Reaction

Investors fear that AI-powered tools like Claude Code Security could partially replace established cybersecurity products and services. The concern focuses on the possibility that automated vulnerability detection through AI could reduce demand for traditional scanning tools and exert price pressure on providers. Dennis Dick, Head Trader at Triple D Trading, described the reaction to Bloomberg as a “mini-flash-crash,” triggered by fear of disruption.

The stock decline fits into a broader trend. The iShares Expanded Tech-Software Sector ETF has lost around 23 percent since the beginning of the year. Many market participants see AI-powered software development and security analysis as a threat to growth, margins, and pricing power of established providers.

However, there are also more optimistic assessments. Jefferies analyst Joseph Gallo expects, according to Bloomberg, that the cybersecurity sector will benefit from AI in the long term. Securing AI systems themselves could become a growth driver. In the short term, however, investors must reckon with further headline-driven setbacks until greater clarity emerges about the actual impact.

Anthropic itself points to the dual-use problem: the same capabilities that help defenders find and fix vulnerabilities could also benefit attackers. Claude Code Security is therefore specifically designed to give defenders an advantage and protect code against AI-powered attacks.