CloudCodeTree LogoCloudCodeTree
AI NewsTutorialsAbout
CloudCodeTree Logo
CloudCodeTree
  • AI News
  • Tutorials
  • About
← Back to AI News
50 Parallel Agents, 466 Million Lines, 20 Hours: How Alberta Scaled Security Review With Claude Code

50 Parallel Agents, 466 Million Lines, 20 Hours: How Alberta Scaled Security Review With Claude Code

Chris Harper

2 min read

Jul 14, 2026 · 20:04 UTC

AI
Workflow
Security
Agents
Claude Code

TL;DR: Alberta's Ministry of Technology scanned 466 million lines of government code in 20 hours with ~50 Claude agents — a two-stage rules-then-LLM pipeline that would have taken 6.5 years manually.

The architectural detail that makes this replicable: a cheap rules-engine first pass surfaces candidates, then Claude reasons about each one. That separation is the key to scaling LLM-based analysis over millions of files without burning your token budget.

The architecture

Stage 1 — Rules engine sweep. A traditional SAST/rules engine scanned all 1,280 applications and 3,400 repositories, flagging known patterns. Fast, cheap, deterministic.

Stage 2 — LLM review of flagged code. Claude Code agents reviewed each flag: reasoning about exploitability, citing exact file and line number, and generating remediation code where possible. Around 50 agents ran in parallel across repositories.

Each application also received a dedicated red-team agent (simulate external attack paths) and blue-team agent (assess defenses against international security standards) — about 95 security controls per application, per pass.

The results

  • 466M lines reviewed in ~20 hours (est. 6.5 years manually)
  • Traditional automated scanners missed issues Claude caught
  • A 25-year-old Java subsidy portal was rebuilt in 4–5 days
  • Built on the Claude Agent SDK

Replicate this pattern

The design generalizes to any large-scale codebase analysis:

  1. Fast filter first. Use regex, a linter, or a rules engine to shrink the problem space by 90% before any LLM call. Feed only the flagged items to Claude.
  2. One agent per repository, run in parallel. With the Claude Agent SDK, spin up a subagent per repo with a focused system prompt. Run them concurrently — wall-clock time is the limiting factor, not cost, because each agent sees only its own scope.
  3. Separate red/blue roles. An agent looking for exploitability and an agent checking defense posture catch different things. Independent perspectives at the same cost.
  4. Structured output with citations. Instruct each agent: "Output file.py:line — verdict — one-line explanation." Human reviewers can triage without opening the code.

A working proof-of-concept takes an afternoon: pick a linter to do stage 1, write a short system prompt for stage 2, and run it against one repo with claude --print --max-turns 3.

Sources: Government of Alberta uses Claude to find and fix cybersecurity vulnerabilities — Anthropic · Alberta Claude Code AI Security Review Checklist — LinkLoot · Claude Agent SDK overview