Alberta uses Claude to scan 466 million lines of code
Tue, 7th Jul 2026 (Today)
The Government of Alberta has used Anthropic's Claude to identify and remediate cybersecurity vulnerabilities across its public sector systems, covering code used by all 27 provincial ministries.
A team within Alberta's Ministry of Technology and Innovation reviewed 466 million lines of code in about 20 hours, according to project details. The review spanned 1,280 applications and 3,400 code repositories, many of which had not previously undergone a systematic security assessment.
The exercise is part of a wider effort to reduce technical debt in government systems that support services ranging from social support and taxation to public safety and wildfire response. Those systems hold sensitive information, including tax records, procurement data and social services case files.
Officials said the ministry began the work in 2025 by creating an internal team focused on making government systems more secure and easier to maintain. The team used Claude Code with Anthropic's Opus and Sonnet models, with around 50 agents running in parallel to inspect codebases, infrastructure and deployment processes, and technical documentation.
The review used a two-stage method. A rules engine first flagged known patterns linked to vulnerabilities, then the model examined those findings and cited the exact file and line for each issue for developers to check.
Alberta said the scan identified issues that conventional automated tools had missed. A comparable manual review could otherwise have taken about 6.5 years, the ministry estimated.
Fixing flaws
Beyond identifying vulnerabilities, the system also generated fixes, tested them and built them for review by engineers. In cases where systems lacked automated tests, the model wrote the tests before proposing changes.
Where older software was too outdated or complex to patch efficiently, Alberta used the tools to rebuild applications in more modern programming languages. One example was a subsidy programme portal originally hand-coded in Java about 25 years ago, which could be rebuilt in four to five days after taking five months to create the first time.
Engineers reviewed and approved every patch before deployment. That human approval step remained in place even where code generation and testing had been automated.
Continuous review
Alberta also described a broader model for ongoing software review inside government. Its cybersecurity team built specialised review agents that run during development, including a "red team" agent designed to probe an application from the outside and map how a vulnerability might be exploited, and a "blue team" agent that assesses a system's defences against an international security standard and drafts a remediation plan.
Additional agents check code quality and the clarity of public-facing written content. Each application is assessed against roughly 95 security controls on each pass.
The work addresses a long-standing problem in public sector technology, where ageing applications, incomplete documentation and outdated software can make systems difficult to secure and maintain. Alberta put the accumulated technical debt in its estate in the billions of dollars.
Nate Glubish, Minister of Technology and Innovation, linked the project to the government's responsibility to protect sensitive data held on behalf of residents.
"Albertans trust their government with some of the most sensitive information in their lives, and it is our responsibility to protect it," said Nate Glubish, Minister of Technology and Innovation, Government of Alberta. "By using AI to find and fix vulnerabilities across our systems, we accomplished in hours what would have taken a traditional approach years to complete. This is what responsible government looks like in the AI era, and the best is still ahead of us."
Wider plans
Claude now assists with writing, reviewing and deploying code as part of a wider modernisation effort. Alberta is also using an AI training programme, the Alberta AI Academy, to teach government staff and members of the public how to use AI tools.
According to the province, thousands of government employees and more than 10,000 members of the public have used the platform. The training covers prompting and software delivery, with the aim of extending the approach beyond a single internal team.
Alberta also outlined further work to simplify older systems. One ministry alone has 185 legacy applications running in production, and the government plans to analyse those systems and consolidate them into 16 reusable applications built on modern coding languages and conventions.
The province has published technical white papers describing its approach for other governments seeking to review and modernise ageing software estates. It said the same mix of technical debt and cybersecurity exposure is common across provincial, state and federal administrations.
Most of Alberta's application estate had never undergone a systematic security review before this effort, according to the ministry.