How Our Partners Are Putting Opus to Work for Cybersecurity

Source: Anthropic / Claude blog — How our partners are putting Opus to work for cybersecurity (published 2026-05-21). Local copy: .raw/articles/claude-partners-opus-cybersecurity-2026-05-23.md.

Key Claim

This companion piece to Claude Security’s public beta turns the partner roster into shipped product. Eight technology and services partners now run Claude Opus in production defense. The post targets one problem: the gap between finding a vulnerability and fixing it, which is “where much of vulnerability exposure lives.” This is the defender-productization wave the frontier-AI-for-vulnerability-discovery thesis anticipated, operationalizing the bottleneck inversion the Glasswing one-month update reported.

The Three Areas

Anthropic groups the offerings into three jobs, each mapping to an existing wiki thread:

  • Continuous offensive testing at production scale — attacking your own systems the way an adversary would, continuously rather than in periodic engagements.
  • Closing the find→fix gap — triage, prioritization, patch testing, and cross-team handoffs compressed from days to hours. This is VulnOps by another name.
  • Getting AI into production, governed — the controls, audit evidence, and autonomy boundaries that move security AI out of “pilot purgatory.”

Partner Results

PartnerOfferingReported resultValidation context
WizRed Agent150,000+ production assets/week; thousands of validated high/critical findings; zero false positivescustomer production
Palo Alto NetworksUnit 42 Frontier AI Defensea year’s pentesting effort in under three weeksinternal testing
CrowdStrikeFrontier AI Readiness & Resilience Servicecontinuous latent-zero-day hunting; platform trusted by >60% of the Fortune 500service
AccentureCyber.AIcoverage 10% → 80% across 1,600 apps + 500,000+ APIs; scans 3–5 days → under an hourown infrastructure
Trend MicroTrendAI Vision Onevirtual patching across 185 countries; findings into ZDI up to 96 days before a vendor patchservice
DeloitteCTEM on Ascenddiscovery→remediation as one workflow; countermeasure design when no patch exists; remediate in hoursservice
PwCClaude Native Cybersecuritysandbox→production in weeks; governed autonomous execution with audit evidenceservice

BCG, Infosys, and SentinelOne are named as building defensive offerings on Opus; none are live yet.

Notable Findings

  • Wiz’s zero-false-positive claim at 150k assets/week is the strongest production-scale FP-control assertion in the wiki, extending the FP-control-as-architectural-primary discipline from research tools into continuous customer-facing pentest. Red Agent reasons over application logic, chains steps, and adapts to live server responses — the logic-driven flaws that scanners miss.
  • The find→fix gap is the unifying frame. CrowdStrike’s Mark Manglicmot calls it “pushing vulnerability management all the way to the left”; Deloitte’s Adnan Amjad says “the gap helps determine whether attackers or defenders win the window” — both restate the Zero Day Clock time-to-exploit logic.
  • Virtual patching as the interim remedy. Trend Micro’s 96-day pre-patch protection window answers the maintainer-side bottleneck the Glasswing update surfaced: when discovery outruns patching, mitigation buys time.
  • Common substrate. Every offering runs on “the same underlying Opus capability: reasoning about code, understanding which exposures translate into real-world risk, and sustaining long agentic workflows.”

Strengths and Weaknesses

The numbers are partner-reported and mix validation contexts — customer production (Wiz), internal testing (Palo Alto), own-infrastructure (Accenture) — so they are directional, not independently benchmarked. No methodology detail backs the “zero false positives” or coverage figures. The announcement is promotional, but the convergence of seven independent firms on the same find→fix framing, in the same month as the Glasswing update, is itself the signal.

Relations

  • Supports: VulnOps — the three-area structure is VulnOps productized; the find→fix gap is the explicit target across all seven partners.
  • Supports: Frontier AI for Vulnerability Discovery — the defender-productization wave the thesis projected.
  • Supports: Claude Security — names the partner access points promised at public-beta launch.
  • Extends: Glasswing — several partners (Wiz, Palo Alto, CrowdStrike) are coalition members now shipping.