Vicarius announced today that it has joined Anthropic’s Cyber Verification Program, gaining verified access to the full dual-use capabilities of Claude.
Anthropic built safeguards into Claude for a reason. Vulnerability exploitation, offensive tooling, attack path modeling, these capabilities sit behind some of the most important work in security, and also some of the most dangerous. So by default, they blocked them.
The Cybersecurity Verification Program (CVP) is how Anthropic opens that door for organizations that have earned it.
Vicarius has been accepted into the CVP.
Why This Is Different from a Partnership Announcement
Most AI announcements in security follow a familiar structure: vendor signs partnership with AI company, both issue quotes about the future of defense.
This isn't that.
CVP isn't a partnership. It's a vetting process. Anthropic doesn't co-market it. They review applicants and grant clearance to the ones they trust. The distinction matters because trust from an AI safety organization carries weight that a press release doesn't. It reflects an independent assessment of how a company works, what it builds, and whether it can be trusted with capabilities that most organizations cannot access.
The Problem We Needed to Solve
Security AI has a fundamental tension. To defend against real attacks, you need to understand how real attacks work. That means accessing offensive context, not sanitized descriptions of it.
Most AI models in security operate with the guardrails on. That produces safer outputs and weaker ones. If your AI can't reason about how a vulnerability gets exploited, its prioritization logic is educated guessing. If it can't model attacker behavior, its remediation guidance reflects compliance categories more than actual risk.
Vicarius fixes vulnerabilities. Not finds them. Fixes them. That requires a tighter loop between offensive understanding and remediation action than most security tools are built for. Getting that loop right is what we applied for CVP to do.
What the Clearance Enables
The CVP clearance operates at the internal research layer. Our team now uses Claude with full access to dual-use offensive security capabilities for the vulnerability research, exploit analysis, and remediation logic development that feeds into vRx.
Better intelligence inputs produce better remediation outputs. The gap between what a scanner flags and what an attacker exploits is exactly where organizations get hurt. Closing that gap requires thinking the way attackers think. Now we have the tools to do it without artificial limits on what the AI can reason about.
What It Says About Where Vicarius Sits
We didn't apply for CVP because it was available. We applied because our work requires it.
That Anthropic cleared us says something about how they assessed what we do. Not as a company that wraps AI around a scanner, but as a research-grade security organization doing work that warrants real oversight and earns real trust.
For organizations evaluating security vendors, that matters. It means the company selling you AI-powered remediation didn't just plug in an API. They went through a formal review by the people who built the model, described exactly what they use it for, and were cleared to do it. That's a different bar than a marketing claim about AI capabilities.
"We're at the point where AI can genuinely change the economics of vulnerability management. Not incrementally, but structurally. The organizations that figure out how to run offensive reasoning through their remediation workflows in the next two years will operate at a speed and accuracy that makes today's patch cycles look like manual labor. CVP clearance is one step in building toward that. And we're only at the beginning." Roi Cohen, CEO and Co-founder, Vicarius
