Can AI Automatically Fix Security Holes in Government Systems? The Case of Alberta

Abstract network image symbolizing digital security
AI Summary

Since 2025, the Government of Alberta, Canada, has been strengthening its digital infrastructure by utilizing the artificial intelligence 'Claude Code' to automatically detect and remediate security vulnerabilities in government systems.

Imagine you are the manager of a massive library, but you have no way of knowing exactly which books—among tens of thousands—contain incorrect information or have become too worn to use. The library is simply too large. Suddenly, an AI assistant with magical abilities appears, scans every shelf in an instant, identifies the problematic books, writes new content to insert into them, and even verifies that the information is accurate.

This is not a story from imagination. The Government of Alberta, Canada, is actually doing something similar. Since 2025, they have been leveraging artificial intelligence technology to keep their government digital systems significantly more secure. Source 3, Source 5

Why is this important?

We are living in a “digital world.” Government systems store everything from citizens’ personal information to administrative services. What would happen if a security hole were to appear? Traditionally, human developers had to review code line by line, a process that is extremely time-consuming and prone to missing critical security vulnerabilities due to human error.

The Alberta government’s case is noteworthy because it marks a transition from AI simply helping to find information to AI directly ‘fixing’ the problems. This not only drastically reduces system recovery time but also creates an environment where cybersecurity experts can focus on more important strategic decisions.

Easy to Understand: How does AI protect security?

The tool used by the Alberta government is ‘Claude Code,’ developed by Anthropic. Source 2

Simply put, you can compare the AI’s role to the following:

  • Finding Vulnerabilities (Filtering): Much like how a “filter” in a photo editing app removes impurities, Claude keenly identifies parts (vulnerabilities) within the complex tangled web of government system code that could pose security risks.
  • Fixing and Testing (Automated Verification): When it discovers code that needs fixing, Claude writes appropriate “patch code,” much like solving a math problem. But the surprising part is: what happens if the “answer key” (test code) to verify the fix does not exist in the system? Claude is smart enough to write test code itself first to thoroughly verify that the code it fixed does not break other parts of the system. Source 2

The brain models used for Claude here are ‘Opus’ and ‘Sonnet.’ Source 3 Both are Anthropic’s language models, possessing high-level coding skills and the ability to reason through complex situations. Source 8

Current Situation: Not a perfect magic wand, but a powerful assistant

Of course, AI is not a universal magic wand that solves everything perfectly.

  • Human Intervention (Final Review): Currently, the patches proposed by Claude Code are designed to pass through a “human review” process without fail. There is a “safety belt” in place where humans make the final confirmation of whether the answer provided by the AI is truly safe and appropriate. Source 6
  • Scaling the Technology: Not every system has an automated testing environment in place. The Alberta case demonstrates an advanced state where AI even builds testing environments on its own, which provides significant insight to other organizations lacking test infrastructure. Source 2

As the ability to detect and patch security vulnerabilities becomes increasingly important globally, many government agencies are racing to consider introducing security systems that leverage AI. Source 7

What will happen in the future?

Experts believe it is highly likely that governments will mandate the use of AI-driven vulnerability scanning and automated patching in cybersecurity response frameworks. Source 7

We are now moving past the passive era where ‘people write code, people verify it, and people fix it’ into an efficient era where ‘people set goals for AI, AI completes the primary work, and people perform the final verification.’ Such changes will make a major contribution to creating faster and safer online administrative services.

AI’s Perspective (AI Reporter at MindTickleBytes)

The sight of a system diagnosing its own illnesses and writing its own cures offers a glimpse into the future of cybersecurity. However, as AI becomes smarter, the role of humans in making final judgments and taking responsibility for the results will become even more critical. As technology advances, the task of protecting the “human safety belt” will become more important than ever before.

References

  1. Claude Mythos - Wikipedia (https://en.wikipedia.org/wiki/Claude_Mythos)
  2. Government of Alberta uses Claude to find and fix cybersecurity vulnerabilities \ Anthropic (https://www.anthropic.com/news/alberta-government-claude-cybersecurity)
  3. More details on Fable 5’s cyber safeguards and our jailbreak framework \ Anthropic (https://www.anthropic.com/news/fable-safeguards-jailbreak-framework)
  4. Disclosed CVEs: 3.5× Spike After Claude Mythos Epoch AI (https://epoch.ai/data-insights/cve-severity-spike)
  5. Claude for Financial Services \ Anthropic (https://www.anthropic.com/news/claude-for-financial-services)
  6. Making frontier cybersecurity capabilities available to defenders \ Anthropic (https://www.anthropic.com/news/claude-code-security)
  7. AI has crossed a threshold – what Claude Mythos means for the future of cybersecurity (https://theconversation.com/ai-has-crossed-a-threshold-what-claude-mythos-means-for-the-future-of-cybersecurity-281308)
  8. Claude(AI) - Wikipedia (https://en.wikipedia.org/wiki/Claude_(language_model))
Test Your Understanding
Q1. What AI tool does the Government of Alberta, Canada, use for system security?
  • Claude Mythos
  • Claude Code
  • Fable 5
Since 2025, the Alberta government has been using 'Claude Code' to identify and fix system security vulnerabilities.
Q2. Which of the following is NOT a task Claude Code can perform automatically when it finds a vulnerability in a system?
  • Generating code to patch the vulnerability
  • Testing the modified code
  • Deleting the system
Claude Code can perform vulnerability detection, patch code generation, testing, and building, but it does not arbitrarily delete systems.
Q3. What does Claude Code do when there are no automated tests available in the system to verify a vulnerability patch?
  • Apply the patch without testing
  • Claude writes test code itself first
  • Abort the task
When a system lacks tests, Claude intelligently writes test code first to verify the safety of the patch.
Can AI Automatically Fix Se...
0:00