Skip to content

Alberta Uses Claude Code for Province-Wide Vulnerability Remediation

The Bottom Line: Alberta completed an automated security scan of 466 million lines of code in 20 hours—a task that would have taken conventional methods 6.5 years.

Since 2025, the Government of Alberta has been deploying Claude Code with Opus and Sonnet models to identify and remediate security vulnerabilities in its government systems. A team from the Ministry of Technology and Innovation scanned 466 million lines of code in 20 hours and fixed security deficiencies across the provincial system.

Alberta’s Ministry of Technology and Innovation oversees the IT infrastructure for all 27 provincial ministries, encompassing approximately 1,280 applications and 3,400 code repositories. Most of these systems had never undergone systematic security assessment; accumulated technical debt from outdated and insecure software amounts to billions of dollars. These systems manage highly sensitive data including tax records, procurement information, and social services files.

To address this challenge, the Ministry established an internal team in 2025 that deployed Claude to enhance system security. The team used Claude Code with Opus and Sonnet models. Approximately 50 agentic processes ran in parallel, scanning codebases for security vulnerabilities, infrastructure weaknesses, and documentation gaps. The procedure followed a two-stage routine: First, repositories were scanned with a rule engine to flag known patterns; then Claude reviewed the flagged items and cited the exact file and line number for each finding, enabling developers to verify it. A complete review of all repositories required approximately 20 hours; a traditional approach would have taken roughly 6.5 years.

When remediating identified vulnerabilities, Claude Code frequently generated fixes automatically, tested them, and deployed them. Where automated tests were lacking to confirm a patch’s security, Claude first wrote the tests. In cases where code was too outdated or complex, it was rebuilt in a more modern language. Such rebuilds were sometimes completed in four to five days—for example, a subsidy program portal originally handcoded in Java approximately 25 years ago, which previously took five months. All patches underwent review and approval by ministry engineers before deployment.

Additionally, Alberta’s Cybersecurity team built specialized Claude agents that run continuously throughout the entire development process. A “red team” agent tests applications from the outside like an attacker and identifies potential exploitation paths. Alberta published technical white papers to share these experiences with other governments.


Source: www.anthropic.com · Published July 5, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.

Share on: