AI may be approaching a new phase in healthcare, on two fronts

Physicians are increasingly using agentic AI tools like Claude Code to build custom clinical applications, signaling a shift toward doctor-led software development within health systems. 

The potential is enormous. But experts warn that while these tools empower clinicians, they necessitate new security audits and professional engineering oversight to mitigate risks and protect against AI-generated vulnerabilities.

With Anthropic's latest frontier model, Claude Mythos, apparently able to detect system vulnerabilities, healthcare must act quickly to be ready for a new era of artificial intelligence-enabled cyberattacks, security leaders say.

Care teams want to build their own tools

Doctors using Claude Code to build custom patient care and workflow tools demonstrated their work and discussed these topics during a webinar on Thursday hosted by Anthropic.

Health systems, electronic health record developers and others will soon have to ask the question: "Why aren't we letting our physicians build these tools?" said Dr. Graham Walker, an emergency medicine physician and cofounder of clinical decision tool MDCalc and financial tool Offcall. 

Claude Code is an agentic coding assistant that reads codebase, edits files, runs commands and integrates with development tools. It can help care teams build features, fix bugs and automate development tasks because it understands codebases and works across multiple files and tools, according to Anthropic.

Walker and Dr. Michał Nedoszytko, an interventional cardiologist, AI developer and third-place winner at Anthropic's hackathon earlier this year, demonstrated how to get started building clinical applications without extensive coding backgrounds by using the agentic coding program, which relies on the company's Opus 4.7 and Sonnet 4.6 AI models.

In an industry where access to data and plug-ins can be difficult, when doctors lead the development of technology, change will come, Nedoszytko said. 

"If the EHR is a problem, maybe just create your own," he said.

Privacy concerns with AI coding platforms

While Claude can set up VPNs and distribute tools on public servers, there could be privacy concerns under HIPAA, Europe's General Data Protection Regulation and other rules governing AI, the doctors acknowledged.

Nedoszytko noted that while his hackathon-winning post-patient visit tool was built on Claude with HIPAA pathways from the outset, physicians building tools with Claude Code still need engineers for production-ready code.

"It's one thing creating something on your computer, but another thing is actually running it with live data of patients, especially if you're within an institution," he said. 

Image

"This always needs to be run through your team." – Dr. Michał Nedoszytko

Daisy Hollman, a developer on Anthropic's Claude Code team, noted that they are working on regulatory plug-ins that go beyond the current HIPAA audit skill.

At present, using the HIPAA compliance audit review skill could ultimately make compliance audits faster and less costly, Walker said.

Anthropic's newly released command /ultrareview, available in Claude Code v2.1.86 and later versions, could catch security vulnerabilities in tools physicians create for their existing workflows, according to the company. 

"/Ultrareview can help catch security vulnerabilities in code before it's put into use," said an Anthropic spokesperson in an email reply to Healthcare IT News received on Friday.

"It's an extension of Claude Code's built-in code review capability that runs multiple independent review passes to surface potential bugs and issues," they explained. "Users can also customize reviews to focus on what matters most to them, like security. For example, a physician building a clinical workflow tool could use /ultrareview to flag security concerns before that tool is ever deployed."

AI coding can introduce security vulnerabilities

Security experts have expressed concern that Claude and other AI coding tools could introduce vulnerabilities in what they create. 

Dave Kennedy, CEO of security firm TrustedSec, told Forbes that novice developers won't spot flaws, "introducing serious defects."

"It’s very alarming," the former NSA analyst said in the article published on Wednesday. 

Security concerns across industries have flourished since Anthropic announced its latest frontier model, Mythos. 

The company launched Project Glasswing and is providing Mythos Preview access to 40 organizations, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia and Palo Alto Networks, to use now in their defensive security work.

Some of these organizations have reportedly begun testing their defenses to protect banks.

"Ultimately, this is less about a single model and more about a structural shift in how cyber risk is discovered, understood and managed," Radi El Haj, CEO of payments company RS2, told Healthcare IT News by email last week. 

"As AI continues to accelerate both insight and threat, the institutions that succeed will be those that treat cybersecurity not as a function, but as a core component of resilience and trust."

Time is up to secure against AI threats

In response to the explosive growth of AI, the Cloud Security Alliance released a whitepaper on April 12 and said every organization should work on a 90-day preparedness plan now.

Called "The 'AI Vulnerability Storm': Building a 'Mythos-ready' Security Program," the paper offers a series of advice and actions for CISOs, security leaders and board stakeholders to use for updating their security programs. 

"AI-driven vulnerability discovery and exploit development have accelerated dramatically," CSA said. "The time between disclosure and exploitation is shrinking, and security teams are being asked to respond faster than current operating models allow." 

The paper had a number of contributing authors, including Jen Easterly, CEO of RSAC and former director of the U.S. Cybersecurity and Infrastructure Security Agency; Chris Inglis, the former National Cyber Director at The White House; Rob Joyce former National Security Administration cybersecurity director; and Heather Adkins, CISO at Google. An impressive list of CISOs were named as reviewers.

The paper includes a timeline, "The Evolution of LLM-based Offensive Capabilities," that details how quickly AI is shifting cybersecurity protocols. 

On Nov. 14, 2025, Anthropic disclosed the first AI-orchestrated espionage campaign. Detected in September of last year, Chinese state-sponsored groups used Claude Code to autonomously run full attack chains – "recon through exfiltration" – across about 30 global targets, the CSA authors said in that timeline.

Last month, Anthropic released Claude Code Security to scan codebases and suggest patches. 

CSA recommends the tool along with a handful of other commercial and open source tools, but Anthropic's website invites visitors to join a waitlist for access.

"Turn agents and LLM capabilities inward on your own code and dependencies," CSA advised as a priority action for a "Mythos-ready Security Program." 

"Start immediately by asking an agent for a security review of any code, then build toward a full audit within your CI/CD pipeline, and shift left by adding capabilities directly into developers' coding agents. All code (human or AI-generated) should pass LLM-driven security review before merge."

One of the paper's contributing authors, Katie Moussouris, CEO and founder of Luta Security, has long advised organizations of all sizes to ensure that they have a full understanding of all their assets. 

Asset management is critical to understand known and unknown vulnerabilities in the age of AI, she told Healthcare IT News last year. 

Good posture "is key to survival." 

This story was updated on April 27, 2026, to include comments from Anthropic.

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.