Claude's Security Review Command Has Limitations for Production Systems

✍️ OpenClawRadar · 📅 Published: April 3, 2026 · 🔗 Source

Security Review Command's Scope

The developer used Claude's security review command while building cloakbioguard.com, running it on each chunk of code before committing to Git. It helped with basic validation tasks: restricting uploads to specific image types, validating file structure, enforcing size and dimension limits, and rejecting obvious bad inputs.

Production Reality Check

After launch, a suspicious user with a spammer-style name and a fake credit card revealed the need for deeper security. The developer realized that basic input validation wasn't enough and identified the critical questions that emerged:

  • What code is parsing untrusted bytes?
  • What secrets live in the same runtime?
  • What can that runtime reach over the network?
  • If image parsing is exploited, what is the blast radius?
  • Can an attacker pivot from file handling into billing, admin, storage, or internal systems?

Architectural Solution

The response was a two-week sprint with significant architectural changes. Instead of having the main API handle everything, file processing was split into a separate upload worker with different trust boundaries.

The new flow:

  • Main API accepts requests and performs lightweight validation only
  • Raw uploads write to short-lived ingest buckets
  • API creates jobs and publishes to a queue
  • Separate worker processes images asynchronously
  • Worker reads raw files, scans, normalizes, writes results to output buckets, and updates job status
  • Clients receive results through short-lived signed URLs
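As an added illustration, not code from the original post or from cloakbioguard.com, here is what the main API's "lightweight validation only" step can look like in Python: it checks size, confirms the allowed type from magic bytes, and reads dimensions straight from the PNG IHDR chunk or the JPEG start-of-frame header, without ever running an image decoder, so the decoder (the risky parser) only executes inside the worker's trust boundary. The limits, function names and the choice of PNG/JPEG are assumptions.

```python
# Added example (not from the original post): the main API's lightweight gate.
# Only header bytes are inspected; the image decoder runs in the worker only.
import struct
MAX_BYTES = 5 * 1024 * 1024   # assumed size limit
MAX_DIM = 8192                # assumed per-side pixel limit
PNG_SIG = b"\x89PNG\r\n\x1a\n"
# JPEG start-of-frame markers: 0xC0-0xCF minus DHT (C4), JPG (C8), DAC (CC)
SOF_MARKERS = {m for m in range(0xC0, 0xD0) if m not in (0xC4, 0xC8, 0xCC)}
class RejectedUpload(ValueError):
    pass

def png_dimensions(data: bytes) -> tuple[int, int]:
    # First chunk after the signature must be IHDR: length(4) type(4) width(4) height(4)
    if len(data) < 24 or data[12:16] != b"IHDR":
        raise RejectedUpload("png: missing IHDR")
    return struct.unpack(">II", data[16:24])

def jpeg_dimensions(data: bytes) -> tuple[int, int]:
    i = 2                     # skip SOI, then walk marker segments to a SOFn
    while i + 9 <= len(data):
        if data[i] != 0xFF:
            raise RejectedUpload("jpeg: marker sync lost")
        marker = data[i + 1]
        if marker == 0xFF:    # fill byte between segments
            i += 1
            continue
        if marker in SOF_MARKERS:   # SOFn: len(2) precision(1) height(2) width(2)
            height, width = struct.unpack(">HH", data[i + 5:i + 9])
            return width, height
        seg_len = struct.unpack(">H", data[i + 2:i + 4])[0]
        if seg_len < 2:
            raise RejectedUpload("jpeg: bad segment length")
        i += 2 + seg_len
    raise RejectedUpload("jpeg: no SOF marker")

def lightweight_validate(data: bytes, declared_type: str) -> dict:
    if len(data) > MAX_BYTES:
        raise RejectedUpload("too large")
    if data.startswith(PNG_SIG):
        sniffed, (w, h) = "image/png", png_dimensions(data)
    elif data[:3] == b"\xff\xd8\xff":
        sniffed, (w, h) = "image/jpeg", jpeg_dimensions(data)
    else:
        raise RejectedUpload("not an allowed image type")
    if sniffed != declared_type:
        raise RejectedUpload("declared type does not match content")
    if not (0 < w <= MAX_DIM and 0 < h <= MAX_DIM):
        raise RejectedUpload("dimensions out of range")
    return {"type": sniffed, "width": w, "height": h}   # accepted: enqueue a worker job
```

Anything that passes this gate is written to the short-lived ingest bucket and a job is queued; the full decode, scan and normalization happen in the isolated worker.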

Security Benefits

This architecture provides several security advantages:

  • Untrusted file parsing no longer sits next to sensitive API logic
  • Worker has tightly scoped permissions: it can read ingest objects, write output objects, and consume jobs
  • Worker does not have Stripe secrets, admin keys, or broad internal access
  • Runs under a dedicated least-privilege service account

Network Hardening

The upload worker runs through a VPC connector with restricted egress. Instead of allowing arbitrary outbound traffic, access is explicitly limited to:

  • Required Google APIs
  • DNS
  • Narrowly approved destinations, only where needed

Everything else is denied by default. This restriction reduces the chance that a compromised worker can beacon out, exfiltrate data, or reach arbitrary infrastructure.

Key Takeaway

Claude's security review command helped secure the endpoint, but it did not produce the system design that the developer considers closer to industry standard. The experience highlights that automated security checks are useful for basic validation but insufficient for comprehensive production security, which requires architectural thinking about trust boundaries and blast radius.

📖 Read the full source: r/ClaudeAI
