When Anthropic announced Claude Code Security last month, the cybersecurity market reacted like someone had pulled a fire alarm. Stocks at major vendors dropped. Analysts started asking whether AI was going to eat the whole industry. It seemed like a lot of weight to put on what was, at its core, a code scanning feature.
I talked with Amir Khayat, co-founder and CEO of Vorlon, about the reaction and what it actually means for the industry. Vorlon works in SaaS and AI ecosystem security, so this is a territory Khayat thinks about daily. His take was that the market was not entirely wrong to be nervous—but it was nervous about the wrong thing.
“I think there are two things here,” Khayat noted. “One is explaining what are the challenges you solve as a company—which is an old challenge. And the second one is to understand what are the new opportunities for attackers. AI basically just scaled the problem.”
What Claude Code Security Is—And Is Not
The Anthropic announcement is not hard to understand on its own terms. Code flows through Claude already. Scanning it for vulnerabilities is a logical thing to add.
“What they did was kind of trivial and low-hanging fruit for them, because the code is going through them anyway,” he explained. “I think the market got panicked because investors saw that, and they see how companies are now focusing on adopting more AI tools. The panic started with: ‘If Anthropic provides a cybersecurity layer, what happens with the other cybersecurity companies?'”
For the narrow slice of vendors whose entire business is application security testing and code scanning, that is a fair question. An AI provider with direct access to the code, doing analysis as a built-in feature, is real competition.
But CrowdStrike is not a code scanner. Palo Alto is not a code scanner. Tenable is not a code scanner. Treating Claude Code Security as an existential threat to enterprise cybersecurity broadly means you have a pretty limited picture of what enterprise cybersecurity actually covers.
The Breach Pattern Nobody Scanning Code Would Catch
The more important point is that code vulnerabilities are not where most of the significant breaches in recent years came from. The ShinyHunters attacks, the breaches tied to Snowflake, incidents involving Salesloft and similar SaaS platforms—those did not happen because someone found a software bug. Attackers got in through OAuth trust chains, misconfigured cross-application integrations, and third-party access that looked completely legitimate within each individual platform.
That last part is worth sitting with. Within each platform, nothing looked wrong. The anomaly only exists if you can see across all of them at once—and most organizations cannot.
It is the same problem I have been describing for years with XDR and continuous threat exposure management. Every security tool sees its own piece of the environment and calls it clean. The endpoint agent says the endpoint is fine. The firewall logs look normal. The identity provider reports no anomalies. An attacker threading through all three—valid credentials from a phishing email, a legitimate cloud integration, data leaving through a SaaS app—never triggers any of them individually.
“Attackers are no longer trying to deploy malware,” Khayat said. “They are getting in through the front door—just taking all the information. An endpoint solution will not help you if you are connecting to a SaaS database of your Salesforce or ERP tool.”
Code scanning does not help with that either. It is solving for a threat model that describes fewer and fewer of the actual attacks.
Where The Real Exposure Is
The average enterprise now runs across hundreds of SaaS applications, APIs, and OAuth integrations. Every one of those connections is a trust relationship between systems. That is where the exposure lives—not in a vulnerable line of code, but in the web of permissions and integrations that link everything together.
AI agents push this further. When a company deploys an agent with access to its CRM, code repository, email, and cloud storage, that agent is authenticating with non-human identities and executing workflows across multiple services without a human in the loop. If that agent is compromised or simply misconfigured, the potential spread across connected systems is fast and hard to contain.
“What is happening with agents is that you actually took it outside of the endpoint, outside of your network,” Khayat said. “This is actually owned by your vendor, and you have to understand what is normal from your vendors. It is not just one—it is a whole ecosystem.”
The tools built for endpoint protection, browser security, and inline traffic inspection were not designed to monitor this. Each platform watches its own perimeter. The connections between platforms are, for most organizations, largely invisible.
Who Is Responsible When The Agent Gets It Wrong
There is an unresolved question running underneath all of this. When an AI agent operating on your behalf causes a breach, who owns it?
There is at least one court case that starts to answer it. An airline chatbot gave a customer incorrect information about a policy. The airline tried to argue the chatbot had acted on its own. The court said no—if you deploy an AI agent to speak or act for your organization, you own the outcomes. That reasoning will likely apply to security incidents, too.
“There is a shared responsibility,” Khayat noted. “There is so much that a vendor can do. But security teams cannot just put their destiny with their vendors. They have to have tools that proactively understand, learn, and alert—so they will not respond after the fact.”
He compared the situation to self-driving cars. Tesla’s full self-driving still tells you to watch the road. The capability exists, but the accountability has not transferred. Security teams are in that same spot with AI agents right now—the agent is doing things, and the organization is still responsible for what those things are.
What The Market Panic Actually Revealed
There is genuine pressure on cybersecurity vendors to keep up with an AI-accelerated threat landscape. Attackers are using AI to operate faster, on a larger scale, with lower technical barriers. That is real.
What the market reaction got wrong was assuming that Claude Code Security was the main event. It is a useful feature for a specific use case. The harder problem—one that code scanning does not touch—is that enterprises are deploying AI agents and SaaS integrations faster than the security industry has figured out how to monitor them.
“The real challenge for the existing companies,” Khayat said, “is whether they have a solution that can help their customers connect the dots around the risk that comes from data moving through the ecosystem. That is where I see the next challenge.”
Vendors like CrowdStrike and Palo Alto are both working on platform consolidation and broader integration capabilities. Whether that is fast enough and complete enough to cover the ecosystem layer is a real open question.
I keep thinking about Sears and Blockbuster when I look at this market. Both could see the shift coming. Sears was not going to out-innovate Amazon by adding a loyalty card program. Blockbuster was not going to solve its problem by adding a streaming tab to its website. The incumbents that are going to be fine are the ones that recognize the threat model has genuinely moved, and that endpoint coverage alone is not the answer anymore.
The Practical Takeaway
Khayat’s advice for security teams is to start from the current reality, not from the framework you built three years ago. Endpoint protection and perimeter security are not going away, but they are not sufficient on their own. You need visibility into identities, data flows, third-party integrations, and SaaS connections as a unified picture—and you need it before an incident, not after.
“Security teams are usually planning 12 to 18 months ahead,” he stressed. “That is probably the time now to re-evaluate the security budget and start to move, because the threats are coming from new attack surfaces.”
Claude Code Security is not what enterprise security teams should be losing sleep over. It is a useful addition to an AI platform. The thing worth paying attention to is the much larger gap between how fast organizations are adopting AI agents and SaaS integrations, and how much visibility they actually have into what those systems are doing.