Should I review Claude-generated code for security?
Yes, all Claude-generated code should undergo security review before production deployment, just like code from any other source. While Claude often generates more defensively written code compared to other AI models, it cannot account for your application-specific security requirements, existing vulnerability patterns in your codebase, or your infrastructure constraints. Subtle issues like insecure default configurations, missing rate limiting, and incomplete access control logic can slip through even in well-structured Claude output. Combining manual review with automated scanning provides comprehensive coverage. UNPWNED automates the external security assessment, complementing your code review process with runtime vulnerability detection.
Last reviewed: 2026-04-07. Based on publicly available security research and UNPWNED scan telemetry.