Anthropic published a blog post one hour ago.
Cybersecurity stocks have lost $10B since.
CrowdStrike -6.5%. Cloudflare -6%. Okta -5.7%.
One blog post. One hour. $10B gone.
Anthropic just made the entire $15B application security market price in a question it can't answer.
Traditional AppSec tools from Snyk, Veracode, and Checkmarx charge per-developer licensing for static analysis. They find vulnerabilities. They generate reports. They flag code. Then a security engineer has to actually fix the problem, which is where 80% of the cost and 90% of the delay live.
Look at the screenshot. Input sanitization audits. SSRF detection. Auth bypass tracing. RBAC enforcement reviews. These are the exact tasks that cost security consultants $300-500/hr and take weeks to schedule.
Claude Code Security doesn't generate a PDF full of findings for a human to triage. It writes the patches. That compresses the entire vulnerability lifecycle, discovery through remediation, into a single loop.
This tells you everything about where Anthropic sees the real margin in developer tools. Scanning is commoditized. Every CI/CD pipeline already runs some flavor of SAST/DAST. The bottleneck has always been fixing vulnerabilities fast enough to matter, and that bottleneck just disappeared.
The timing is worth noting too. Anthropic released this the same week enterprises are getting audited on SOC 2 and ISO 27001 compliance cycles. Security teams running 200+ open findings with a 90-day remediation SLA just got a tool that could clear that backlog in hours.
If you're building in AppSec right now, the competitive question changed. You're no longer selling "we find more bugs." You're competing against an AI that finds them and writes the patches in the same session.
LLMs process text from left to right — each token can only look back at what came before it, never forward. This means that when you write a long prompt with context at the beginning and a question at the end, the model answers the question having "seen" the context, but the context tokens were generated without any awareness of what question was coming. This asymmetry is a basic structural property of how these models work.
The paper asks what happens if you just send the prompt twice in a row, so that every part of the input gets a second pass where it can attend to every other part. The answer is that accuracy goes up across seven different benchmarks and seven different models (from the Gemini, ChatGPT, Claude, and DeepSeek series of LLMs), with no increase in the length of the model's output and no meaningful increase in response time — because processing the input is done in parallel by the hardware anyway.
There are no new losses to compute, no finetuning, no clever prompt engineering beyond the repetition itself.
The gap between this technique and doing nothing is sometimes small, sometimes large (one model went from 21% to 97% on a task involving finding a name in a list). If you are thinking about how to get better results from these models without paying for longer outputs or slower responses, that's a fairly concrete and low-effort finding.
Read with AI tutor: https://t.co/MipHHO6rjX
Get the PDF: https://t.co/XQrqiaGwIO
I'm porting #babysniff (my zero-dependency packet #sniffer) to #Windows. It runs but no BPF yet. Windows captures L3+, no Ethernet frames. L2 would need a kernel driver, which I'm not doing atm. Now I have to hack protocol detection and adjust all BPF offsets... Sad & fun😅
🚀 Just added BPF support + tcpdump-style filtering to babysniff — my zero-dependency packet #sniffer!
• Native cBPF on Linux/BSD/macOS
• Full BPF VM (runs in user space if no kernel support)
• Tcpdump-style filters: tcp, udp, host, port
💻 https://t.co/gqHJBlEIiD
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: https://t.co/jD6EaGtsn3
@GKInfoStore are you also noticing delivery problems with the Correios unit in São José? Packages that arrive there sit idle with no tracking updates. I have a package stuck there. The ReclameAqui page is filling up with complaints - https://t.co/SEOUTJDNBF