Dryrun-Security

Anthropic has built its brand on safety. Claude is consistently positioned as the thoughtful, cautious model — the one that pushes back on dangerous requests, that thinks about consequences, that errs on the side of care. So the DryRun Security research published today will raise some eyebrows: when used as an agentic coding agent building real applications, Claude produces the highest number of unresolved high-severity security flaws among the leading AI coding agents tested. ...

DryRun Security’s 2026 Agentic Coding Security Report landed a finding that should make every engineering team pause: 87% of pull requests written by AI coding agents (Claude, Codex, Gemini) introduced at least one security vulnerability. Not occasionally — consistently, across all three leading models, in real application development scenarios. This isn’t a reason to stop using AI coding agents. The productivity gains are real. But it is a strong signal that AI-generated code needs a security review process as rigorous as — or more rigorous than — what you’d apply to human-written code. ...