Claude Code Security Guidance
Three-layer vulnerability review for Claude Code
A Claude Code plugin that reviews its own code changes for vulnerabilities across three layers: per-edit pattern checks, end-of-turn diff review, and agentic commit review. For developers who want security issues caught before PR.





Security issues in AI-generated code almost always get caught too late.
The security-guidance plugin for Claude Code brings the catch forward, into the session where the code is being written, so vulnerabilities surface while context is still live and fixes happen before the diff reaches review.
The gap it closes is a product of how AI coding actually works: generation speed has outpaced the PR-first review model. A finding at commit is cheaper than a finding at PR. A finding in-session is cheaper still. The plugin operates at all three layers automatically.
- Fast per-edit pattern match flags dangerous calls the moment a file is written, no model involved
- Background end-of-turn review diffs everything Claude changed in a turn and sends it to a separate Claude instance for security analysis
- Agentic commit review reads the broader codebase context to validate findings before surfacing them, reducing noise
- Extensible with team-specific rules via a Markdown file in your repo, covering anything from logging policies to auth patterns
- Deployable at user, project, or org scope with no per-developer setup required
The reviewer is always a fresh model with no investment in the code it is reviewing. That design choice is what keeps the findings credible. Anthropic saw a 30-40% reduction in security-related PR comments during internal rollout.
Ideal for developers and teams building production software with Claude Code who want a shift-left security layer without adding friction to the workflow.
Get started with /plugin install security-guidance@claude-plugins-official in your Claude Code session.