Government of Alberta uses Claude to find and fix cybersecurity vulnerabilities across government systems
Summary
The Government of Alberta has utilized Claude Code, specifically Opus and Sonnet models, since 2025 to identify and remediate cybersecurity vulnerabilities across its extensive systems. A team within Alberta's Ministry of Technology and Innovation scanned 466 million lines of code from 1,280 applications and 3,400 code repositories in just 20 hours, a task estimated to take 6.5 years with traditional methods. Claude Code performed a two-stage scan, flagged issues, generated fixes, wrote tests, and even rebuilt outdated applications, such as a 25-year-old Java portal, in days. The Ministry also implemented continuous security reviews using "red team" and "blue team" agents, checking applications against 95 security controls. This initiative, which includes training through the Alberta AI Academy and plans to consolidate 185 legacy applications, aims to reduce technical debt and enhance system security.
Key takeaway
For government IT leaders or cybersecurity architects facing extensive technical debt and legacy system vulnerabilities, this case study demonstrates that AI offers a transformative solution. You can deploy AI models like Claude Code to scan hundreds of millions of lines of code in hours, generate fixes, and even modernize outdated applications, drastically reducing the time and cost of security remediation. Consider piloting AI-powered code analysis and continuous security agents to accelerate your modernization efforts and enhance system defenses.
Key insights
AI, specifically large language models, can rapidly identify, fix, and continuously monitor cybersecurity vulnerabilities across vast codebases.
Principles
- AI accelerates security reviews from years to hours.
- AI agents enable continuous, multi-faceted security analysis.
- AI can modernize legacy codebases by rebuilding them.
Method
A two-stage routine involves an AI rules engine for initial flagging, followed by AI review to cite exact file/line findings. AI then generates fixes, writes tests, or rebuilds outdated code. Continuous agents perform red team/blue team assessments.
In practice
- Deploy AI to scan 400M+ lines of code in hours.
- Automate vulnerability patching and test generation with AI.
- Implement AI agents for continuous security monitoring.
Topics
- Public Sector Cybersecurity
- AI Code Analysis
- Vulnerability Management
- Legacy System Modernization
- Claude Code
- AI Agents
Best for: AI Engineer, AI Architect, IT Professional
Related on AIssential
Editorial summary, takeaway, and curation by AIssential. Original article published by Anthropic News.