Cycode today announced it has joined Anthropic’s Cyber Verification Program (CVP), gaining verified access to the full dual-use capabilities of Claude for agentic development security work.
As Anthropic rolls out real-time cyber safeguards on its most capable Claude models, it has established two distinct categories of blocked activity:
Prohibited use encompasses cybersecurity activities with little to no legitimate defensive application, such as mass data exfiltration, ransomware code development, and similar activities with clear malicious intent. These are blocked by default and are not subject to adjustment.
High-risk dual-use activities encompass those with clear legitimate defensive applications, such as vulnerability exploitation analysis, offensive security tooling, and related practitioner workflows. These are also blocked by default, but the CVP exists precisely to lift that restriction for verified organizations with legitimate use cases.
The CVP is Anthropic’s structured answer to a real tension: powerful AI models pose risk in the wrong hands but are potent tools for legitimate cybersecurity work. Verification is application-based, organization-scoped, and reviewed by Anthropic. Once approved, the relevant blocks are lifted for vetted dual-use activities, while prohibited-use restrictions remain in place regardless of verification status.
For Cycode, the relevant dual-use work is specific: confirming whether a vulnerability is actually exploitable in a given application context. A scanner report alone cannot answer that question. You have to reason through how an attacker would reach and leverage a flaw, which is precisely the kind of reasoning that default safeguards restrict. This is the work Cycode’s AI Exploitability Agent does at scale across enterprise codebases.
Verified access strengthens the Cycode platform across the board. Maestro, Cycode’s agentic security orchestration engine, reasons across the full Context Intelligence Graph to triage findings, confirm exploitability, and generate PR-ready fixes. AI Guardrails enforce real-time controls across agentic development workflows, blocking risky prompts and vulnerable AI-generated code before they reach production. The AI Fix and Remediation Agent produces context-aware diffs grounded in business-domain logic, not just pattern matching. Each of these capabilities depends on AI that can reason about how attacks actually work.
“Agentic development has fundamentally changed the attack surface,” said Ronen Slavin, CTO and Co-Founder of Cycode. “Securing it requires AI that can think the way attackers do. Anthropic’s Cyber Verification Program gives us verified access to those capabilities for defensive work, and that is exactly what our platform needs to stay ahead.”
The gap between attacker and defender AI access is closing. Cycode’s acceptance into the Cyber Verification Program is one step toward making sure defenders close it first.
