Alberta scanned 466 million lines of government code with Claude Code agents in 20 hours
Alberta's technology ministry disclosed on July 6, 2026 that it ran roughly 50 Claude Code agents in parallel to review the code behind its entire government IT estate, finding and patching security gaps with a human engineer approving every change.
The Government of Alberta disclosed on July 6, 2026 that it used Claude Code to review the code behind its entire government IT estate, running roughly 50 autonomous agents in parallel to scan 466 million lines in about 20 hours. The province is selling it as a security and modernization win, and the reported speedup is dramatic. The more durable signal is that a government has moved agentic coding tools into production for security-critical work, with a human engineer signing off on every patch before it ships.
What Alberta ran
Alberta’s Ministry of Technology and Innovation maintains the systems for all 27 provincial ministries, a portfolio Anthropic’s case study puts at roughly 1,280 applications and 3,400 code repositories, most of which had never had a systematic security review. The ministry pointed Claude Code, running on Opus and Sonnet, at that estate. Around 50 agents worked in parallel, split into what the province describes as red team and blue team roles: attacker-style agents probing for weaknesses and defender-style agents checking roughly 95 security controls on each pass through an application. The team says the 20-hour scan would have taken about 6.5 years by conventional methods, and it points to concrete rebuilds, including a 25-year-old Java subsidy portal reconstructed in four to five days.
Those figures come from Alberta and Anthropic, and independent outlets so far have relayed the government’s release without their own verification, so the speedups are best read as directional claims rather than audited benchmarks. The part that is harder to wave away is the operating model. Fanning out many agents, dividing them into adversarial and defensive roles, and gating every change behind human review is close to the pattern development teams have been trying to assemble on their own projects. Alberta’s contribution is showing it run across a government’s worth of legacy code with the human-approval step kept in place: before any patch shipped, the ministry’s engineers reviewed and approved it.
Where this lands in the market
This follows California, which on June 29 made Claude an entitlement across every state agency at a discount. The two stories rhyme but are not the same. California was a procurement headline: a frontier model became a default option through a shared portal. Alberta is a technical proof point: here is the work the agents actually did. Together they suggest government adoption of Claude is moving past pilots, and that security and legacy modernization, not chatbots, is emerging as the wedge use case. Anthropic appears to be using both to position Claude Code as an enterprise and public-sector modernization tool rather than a developer’s IDE assistant, and Alberta’s decision to publish its methods as a set of open technical white papers reads as a deliberate attempt to make its approach copyable by other governments.
For working developers, the interesting question is not the headline line count but the review burden. An agent fleet that generates patches faster than humans can read them does not save time, it relocates the bottleneck to code review. Alberta’s claim is that its engineers stayed in the loop on every change, which is the right design and also the hardest part to sustain as the program scales.
What’s worth watching
- Whether the patches hold up. AI-generated security fixes can introduce new bugs, and a fast scan is only as good as the review behind it. The signal to watch is whether Alberta’s human-approval gate survives contact with the volume it created, especially as the province expands the approach across government this fall.
- Whether the white papers become a template. If other governments copy Alberta’s method the way states may copy California’s procurement model, agentic security review starts to look like standard public-sector practice rather than one province’s experiment.
- The consolidation, not the scan. The case study describes a plan to fold 185 legacy applications into 16 modern ones. Scanning code quickly is the demonstrable part. Rebuilding and consolidating a legacy estate without regressions is where the claim actually gets tested.
Scanning a codebase fast is a demo. Keeping a rebuilt government estate secure and maintainable is the product. Alberta has shown that agents can do the first at scale with a human still in the loop; the next year shows whether the second holds. Stackmaven’s follow-up coverage will revisit the rollout on or around October 5.