Government of Alberta uses Claude to find and fix cybersecurity vulnerabilities across government systems

· Source: Anthropic News · Field: Government & Public Sector — Public Safety & Security, Digital Government & E-Government · Depth: Intermediate, medium

Summary

The Government of Alberta has utilized Claude Code, specifically Opus and Sonnet models, since 2025 to identify and remediate cybersecurity vulnerabilities across its extensive systems. A team within Alberta's Ministry of Technology and Innovation scanned 466 million lines of code from 1,280 applications and 3,400 code repositories in just 20 hours, a task estimated to take 6.5 years with traditional methods. Claude Code performed a two-stage scan, flagged issues, generated fixes, wrote tests, and even rebuilt outdated applications, such as a 25-year-old Java portal, in days. The Ministry also implemented continuous security reviews using "red team" and "blue team" agents, checking applications against 95 security controls. This initiative, which includes training through the Alberta AI Academy and plans to consolidate 185 legacy applications, aims to reduce technical debt and enhance system security.

Key takeaway

For government IT leaders or cybersecurity architects facing extensive technical debt and legacy system vulnerabilities, this case study demonstrates that AI offers a transformative solution. You can deploy AI models like Claude Code to scan hundreds of millions of lines of code in hours, generate fixes, and even modernize outdated applications, drastically reducing the time and cost of security remediation. Consider piloting AI-powered code analysis and continuous security agents to accelerate your modernization efforts and enhance system defenses.

Key insights

AI, specifically large language models, can rapidly identify, fix, and continuously monitor cybersecurity vulnerabilities across vast codebases.

Principles

Method

A two-stage routine involves an AI rules engine for initial flagging, followed by AI review to cite exact file/line findings. AI then generates fixes, writes tests, or rebuilds outdated code. Continuous agents perform red team/blue team assessments.

In practice

Topics

Best for: AI Engineer, AI Architect, IT Professional

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Anthropic News.