Anthropic claims that AI has reached a turning point in cybersecurity, stating that its Claude Sonnet 4.5 model can now detect, analyze, and patch software flaws that were previously handled only by human experts. The company is positioning the system as a front-line tool for defending critical code and infrastructure.
In a new announcement, Anthropic described this as an “inflection point” for AI in cyber defense, citing benchmark gains that show Claude Sonnet 4.5 outperforming earlier models in vulnerability discovery and patching. The company reports that the technology is already being used by partners such as HackerOne and CrowdStrike to accelerate threat detection and strengthen defenses.
AI crosses the line from concept to cyber weapon
Anthropic noted that the moment marks a shift from experimentation to execution, when artificial intelligence stops being a theoretical aid and becomes part of real-world cyber defense.
After years of testing models that could simulate breaches, the AI company confirmed its systems are now capable of preventing them. Sonnet 4.5 was designed with that goal in mind: scanning code, identifying vulnerabilities, and patching weaknesses before attackers can exploit them.
Anthropic warned that attackers are already using AI to scale their operations. In August, it reported that its own Claude models had been misused for extortion, fraud, and espionage, a reminder that AI can be turned against itself. According to the company, the only way to close that gap is to speed up the defensive use of AI across industries and infrastructure.
Claude Sonnet 4.5 sets new highs on Cybench and CyberGym
Anthropic’s latest model demonstrates significant progress in tests designed to simulate real-world defense work.
On Cybench, Claude Sonnet 4.5 solved 76.5% of challenges after multiple attempts, a twofold jump in just six months. The benchmark involves complex, multi-step workflows such as analyzing network traffic, extracting malware, and decompiling malicious code, tasks Anthropic says now take the model minutes instead of hours for a skilled human.
Performance also climbed on CyberGym, where Sonnet 4.5 replicated known vulnerabilities in 66.7% of software projects and uncovered new ones in over 33% of cases across repeated trials.
The company stressed that its research targets defensive gains only, focusing on detecting and repairing insecure code rather than writing exploits or malware.
Early partners put Claude’s defensive skills to the test
Anthropic stated that organizations have already begun using Claude Sonnet 4.5 in live security environments, reporting measurable gains in speed and accuracy.
At HackerOne, the AI model helped reduce average vulnerability intake time by 44% while improving detection accuracy by 25%, according to Chief Product Officer Nidhi Aggarwal. The company said the improvement allowed its “Hai” AI security agents to process reports faster and at a lower risk for clients.
CrowdStrike also tested Claude’s defensive capabilities, noting strong potential for red-teaming and simulating attacker behavior. Chief Scientist Sven Krasser pointed out the model’s creative attack scenarios help researchers study tradecraft more efficiently, strengthening defenses across endpoints, identity, and cloud workloads.
Anthropic added that feedback from these pilots reinforced its confidence that Sonnet 4.5 can complement human analysts and streamline high-volume, repetitive security tasks in enterprise settings.
Anthropic eyes safer, smarter AI systems for the next phase
Anthropic continues to strengthen its own defenses as it expands Claude’s cyber capabilities. Its Safeguards team recently disrupted attempts to weaponize its AI, including a “vibe hacking” extortion scheme and an espionage campaign targeting telecom infrastructure that showed signs of Chinese APT-style tactics.
It is also refining Claude’s ability to generate and review security patches, a complex task that requires fixing vulnerabilities without breaking underlying code. Early results indicate the AI tool’s earlier gains in vulnerability discovery, suggesting steady progress toward reliable defensive use.
The company’s broader security effort extends beyond Claude Sonnet. Claude Code has been recently upgraded with an always-on review system that automatically flags vulnerabilities, such as SQL injection and cross-site scripting, before code reaches production. With Claude Sonnet 4.5, that same defense-first approach now moves beyond the developer environment to critical infrastructure.
Anthropic closed its statement with a call for collaboration, urging industry, government, and researchers to use AI to make digital infrastructure secure by design. Frontier models like Claude, it said, could play a central role in hardening the systems that keep modern life online.
In some not-so-hot news for Anthropic: A judge preliminarily accepted a lawsuit brought by book authors against the tech giant, which accuses the company of using pirated works to train Claude.
The post Claude Sonnet 4.5 Marks Anthropic’s Pivot Toward AI-Powered Cyber Defense appeared first on eWEEK.
No Responses