Skip to content

Alberta Uses Claude for Systematic Vulnerability Detection Across 1,280 Government Applications

The bottom line: Alberta reviewed 466 million lines of government code in 20 hours using Claude and fixed vulnerabilities that would have taken conventional methods 6.5 years to address.

Since 2025, the Government of Alberta has deployed Claude Code with the Opus and Sonnet models for security analysis of its IT systems, reviewing 466 million lines of code in 20 hours. An internal team of the Ministry of Technology and Innovation identified and remediated security vulnerabilities at a scale that would have taken approximately 6.5 years using conventional methods.

The ministry of the Province of Alberta maintains IT infrastructure for all 27 provincial ministries and administers approximately 1,280 applications across 3,400 code repositories. The majority of these systems had never undergone systematic security review. The accumulated technical debt – insecure code, unresolved defects, and outdated software – is estimated at billions of dollars. These systems store highly sensitive data such as tax records, procurement information, and social records.

The team deployed approximately 50 autonomous Claude agents in parallel, systematically searching codebases for security vulnerabilities, infrastructure weaknesses, and documentation gaps. Claude Code operated in two stages: first, each repository was scanned with a rules engine to flag known patterns, then the model reviewed the flagged items and provided precise file and line numbers so developers could verify the findings. This automated review identified issues that conventional scanning tools had missed.

When remediating the identified vulnerabilities, Claude Code was often able to automatically generate, test, and implement fixes. In cases where automated tests were missing, the model wrote them first. Where code was too outdated or complex, it was rewritten in modern, more maintainable languages – sometimes in just four to five days. One example: a subsidies portal originally hand-coded in Java approximately 25 years ago, which originally required five months of development time, was modernized in just a few days. All patches underwent review and approval by the ministry’s engineers before production deployment.

Beyond the one-time analysis, Alberta’s cybersecurity team established specialized Claude agents for continuous security reviews during the development process. A “red team” agent conducts external probes simulating attacker methodology and maps attack vectors. Alberta has published technical whitepapers to enable other governments to benefit from these findings.


Source: www.anthropic.com · Published July 5, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.

Share on: