Skip to content
Rush Commerce
Software & Dev3 min read

Alberta scanned 466M lines of code with Claude in 20 hours

Alberta ran ~50 Claude agents to scan 466M lines of code in 20 hours, then rebuilt 25-year-old systems. The audit-and-modernize playbook for small teams.

The pitch for AI coding agents has always been "write features faster." The more interesting use showed up this week from an unglamorous place: a provincial government pointed a swarm of agents at its own aging code and found the holes before anyone else could. The Government of Alberta used Claude Code to scan 466 million lines of government code in 20 hours — work Anthropic says traditional review could have taken around 6.5 years. If you're sitting on software you're afraid to touch, this is the clearest demo yet that the audit is now cheap.

What actually happened

Per Anthropic's July 6 case study, a team inside Alberta's Ministry of Technology and Innovation ran around 50 agents autonomously and in parallel across systems spanning all 27 provincial ministries — roughly 1,280 applications and 3,400 code repositories. The agents cited exact files and lines, generated fixes, and wrote tests.

The review used a red-team/blue-team split built on Claude Opus and Sonnet: a "red team" agent probes an application from the outside while a "blue team" agent assesses its defenses, checking each app against roughly 95 security controls. Crucially, before any patch shipped, a human engineer reviewed and approved it — the agents did the grunt work, people kept the call.

The part that should get an operator's attention is the modernization. Where code was too old to patch cleanly, Claude rebuilt it. A subsidy-program portal originally hand-coded in Java about 25 years ago — five months to build the first time — is the kind of system that could now be rebuilt in as little as four to five days.

Why it matters for your business

Most small companies carry at least one system nobody wants to open: the Access database that runs billing, the decade-old plugin holding the site together, the script only one person understands. The reason it never gets fixed is that a security audit or a rewrite used to cost weeks of senior time you couldn't spare. That math just changed.

You don't need 50 agents or a ministry. You need one repo, an agent with the right guardrails, and a human who approves every change before it ships — the same shape Alberta used. Point it at your riskiest system, get a ranked list of real vulnerabilities with file-and-line citations, and decide what to patch versus rebuild. The audit is now hours, not a quarter. The excuse for flying blind is gone.

Key takeaways

  • Alberta ran ~50 Claude Code agents to scan 466M lines across 27 ministries (1,280 apps, 3,400 repos) in 20 hours — work estimated at ~6.5 years by hand
  • Red-team/blue-team agents checked each app against ~95 controls; a human approved every patch before it shipped
  • Legacy systems too old to patch got rebuilt — a 25-year-old Java portal in four to five days instead of five months
  • Operator move: point one guardrailed agent at your riskiest system, get file-and-line findings, keep a human on approvals

Which of your systems are you afraid to open? We audit and modernize the software small businesses depend on — security review, ranked findings, and rebuilds on stacks you own, with a human approving every change. See how we modernize legacy systems or tell us what you're scared to touch.

Sources: Anthropic, Digital Watch Observatory.

  • #ai-automation
  • #cybersecurity
  • #legacy-modernization
  • #claude-code
  • #software-dev
TR

Tommy Rush — Founder, Rush Commerce

Operator turned builder. 15+ years running operations — now shipping the systems businesses run on. More

Get The Rush Report weekly — one email, zero fluff.