The Government of Alberta, Canada, used Anthropic’s Claude Code to scan 466 million lines of government software for security vulnerabilities in 20 hours, according to a case study Anthropic published on July 6.

How the audit worked

Alberta’s Ministry of Technology and Innovation ran the process in two stages: a rules engine first flagged known vulnerability patterns across the province’s code, then Claude reviewed each flag and cited the exact file and line so engineers could verify it independently. About 50 Claude Code agents, including specialized “red team” and “blue team” agents built on the Claude Agent SDK, worked in parallel to search for vulnerabilities, weak points in infrastructure and deployment processes, and gaps in technical documentation.

The review covered 1,280 applications across roughly 3,400 code repositories serving the province’s 27 ministries. Anthropic said the same work would have taken an estimated 6.5 years using traditional manual methods.

“By using AI to find and fix vulnerabilities across our systems, we accomplished in hours what would have taken years to complete,” Alberta’s Minister of Technology and Innovation, Nate Glubish, said in the case study.

Human review stayed in the loop

Every patch Claude proposed went through review and approval by a ministry engineer before deployment, Anthropic said. The company did not disclose how many vulnerabilities the scan actually found.

What’s next

Alberta plans to scale the approach across the wider provincial government this fall and will host an industry day in Edmonton this month to share its findings with other governments. The province is also pursuing a separate project to consolidate 185 legacy applications into 16 modern ones, and says it wants AI agents to eventually help build new software alongside its engineers. More than 10,000 members of the public have been trained through the province’s AI Academy, according to Anthropic.