Wednesday, July 8, 2026

News

Alberta Scanned 466 Million Lines of Code With Claude Code in 20 Hours

AI AgentsPatryk Raba

Canada's Alberta province used Claude Code agents to find and fix security vulnerabilities across systems in all 27 ministries - a task that would have taken traditional methods more than six years was completed in under a day.

Contents
  1. How the System Works
  2. Modernization Along the Way
  3. Relevance for Poland

Alberta's Ministry of Technology and Innovation announced that it used Claude Code agents to scan 466 million lines of code across 1,280 applications and 3,400 repositories, covering the systems of all 27 provincial ministries. According to Anthropic, which described the project on July 6, an audit of this scale would have taken a team of developers about 6.5 years using traditional methods. The AI agents did it in 20 hours.

The project began in 2025, when Alberta's cybersecurity team started testing Claude Opus and Sonnet models for reviewing government system code. Over time this grew into an architecture of specialized agents playing different roles across the software development lifecycle.

How the System Works

A 'red team' agent tests the application from the outside, simulating an attacker, and maps potential exploitation paths. A 'blue team' agent evaluates the application's defenses against an international security standard and writes a remediation plan pointing to specific files that need fixing. The whole process runs as a continuous companion to developers rather than a one-time audit.

The systems covered by the scan store sensitive data - tax records, public procurement information, and social assistance files. It was precisely the scale and sensitivity of this data that led Alberta's government to opt for full, systematic coverage instead of the spot checks that had previously been standard practice in the public sector.

By using AI to find and fix vulnerabilities in our systems, we achieved in hours what a traditional approach would have taken years to accomplish - Alberta's Minister of Technology and Innovation

Modernization Along the Way

Beyond patching vulnerabilities, Claude Code agents were also used to rewrite outdated systems into modern programming languages and to generate automated tests. In one Java example, a portal that originally took a team five months to build was recreated from scratch in four to five days. One ministry used the audit results to plan the consolidation of 185 production applications into 16 modern systems, aimed at reducing both the attack surface and maintenance costs.

Alberta also published technical white papers describing the methodology so other governments can replicate a similar process. This fits into a broader trend in which public administrations - previously cautious about generative AI due to sensitive data - are starting to treat coding agents as a tool for systematically closing technical debt, not just for writing new features.

Relevance for Poland

For Polish public offices and state-owned companies, Alberta's example shows the scale that is already practically achievable - this isn't a single pilot, but full coverage of an entire administration's systems within one working day. That contrasts with the situation previously reported in Poland, where many public offices still aren't sure whether the systems they use even fall under the EU AI Act, let alone undergo systematic code security audits using AI agents. Alberta's case could become a reference point in the debate over how the Ministerstwo Cyfryzacji (Poland's Ministry of Digital Affairs) and the newly formed Komisja Rozwoju i Bezpieczeństwa Sztucznej Inteligencji (Commission for the Development and Security of Artificial Intelligence) should approach modernizing public systems.

The risk of this approach is, of course, trust in automatically generated fixes to critical systems - hence the role of the blue team agent, which checks every change against a formal security standard before it goes into deployment. Anthropic stresses that each agent operates within defined permissions and leaves a decision trail, meant to make later human audits easier.

Sources: Government of Alberta uses Claude to find and fix cybersecurity vulnerabilities (anthropic.com), Alberta Gov Taps Claude for Cyber Defense (startuphub.ai)

Share: