Anthropic published a set of partner case studies on Claude Opus working inside production security programs at Wiz, Palo Alto Networks and Accenture. The results are striking on their own, but Australian security leaders should not treat them as a generic vendor showcase. Each pattern lines up against a specific regulatory pressure Australian firms already face: APRA CPS 234 for the banks, SOCI obligations for critical infrastructure operators in energy, water, ports and telecommunications, and the operational reality that Sydney and Melbourne security teams are competing for a very small pool of senior offensive and detection talent.
The three partner results that matter for Australia
The Wiz result is the headline number. Claude Opus runs continuous pentesting across roughly 150,000 production assets every week with zero false positives reported in the published material. Wiz translates that into a single phrase that lands hard in any AU board paper: a year of pen-testing compressed into under three weeks. Palo Alto Networks is using Claude Opus inside SOC analyst workflows for alert triage, malware reverse engineering and detection authoring. Accenture has folded Claude Opus into its security consulting practice for vulnerability assessment and incident response delivery.
Three things are worth pulling out before any AU team writes a business case. First, the work is bounded. None of these partners hand Claude Opus an unscoped licence to act inside production. Second, the value is in throughput and floor quality, not in firing humans. Third, the value compounds where the input data is messy, voluminous and structured enough for Claude to read with care: log streams, alert queues, code repositories, vulnerability reports, asset graphs.
Wiz: continuous AppSec testing across roughly 150,000 weekly production assets with zero false positives in the reported window.
Palo Alto Networks: SOC analyst augmentation for triage, malware analysis, and detection rule authoring.
Accenture: vulnerability assessment and incident response inside a consulting delivery model.
Common thread: Claude Opus is paired with a strong human review loop, not handed unsupervised production authority.
Mapping the Wiz pattern onto an APRA CPS 234 program
APRA CPS 234 requires regulated entities to maintain information security capability commensurate with the size and extent of threats, and to test controls with a frequency that matches threat materiality. Most Australian banks and insurers run a quarterly internal pentest cycle and a yearly external one. A mid-size ADI in Sydney typically spends around $450,000 a year on external offensive security retainers, with another $1.2M sitting inside the internal AppSec team budget. That is the number to put next to the Wiz result.
The Wiz pattern is not a replacement for the external retainer, and the CPS 234 audit trail still requires evidence of independent testing. What the pattern does change is the floor. If Claude Opus can continuously test the 80 percent of the application surface that the external retainer only touches once a quarter, the external assessor is freed to spend hours on the 20 percent of the surface that genuinely needs human creativity. For an APRA-regulated firm, that improves the CPS 234 testing posture without changing the auditor sign-off path.
The practical setup looks like this. Claude Opus runs against a scoped asset inventory, produces findings into a queue, and a senior offensive engineer reviews each finding before it becomes a ticket. The engineer becomes the rate-limiting authority on what reaches the ticketing system. False positive control comes from that human review gate, not from trusting the model output blindly. AUSTRAC-regulated payments firms can use the same shape with the additional control of a privacy review on what assets and data get loaded into the prompt context.
Critical infrastructure: SOCI obligations and continuous testing
The Security of Critical Infrastructure Act now covers eleven sectors in Australia, including energy generation and distribution, water, ports, freight, communications and data storage. SOCI Part 2A requires designated responsible entities to maintain a Critical Infrastructure Risk Management Program and report cyber incidents within strict windows. The Wiz and Palo Alto patterns map onto two different SOCI obligations.
On the detection side, the Palo Alto pattern is the closer fit. Claude Opus reading log streams, drafting detection rules and triaging analyst queues shortens the time between an anomaly and a meaningful response. For a regional electricity distributor running a small SOC against thousands of OT and IT assets, the analyst capacity uplift is the difference between meeting the SOCI 72-hour incident notification window and missing it. On the testing side, the Wiz pattern works for the IT estate but should not be pointed at OT networks without explicit network segmentation and a separate scoping exercise.
What Australian security teams should do next quarter
A reasonable next-quarter shape, for a mid-size Australian bank or critical infrastructure operator, is a four to six week scoped pilot. Pick one application surface or one alert queue. Set a measurable goal, for example a 40 percent reduction in median alert triage time or a doubling of weekly continuous AppSec coverage. Put a senior engineer in the review seat from day one. Run it under the existing change-control regime, not outside it. Report the result to the CISO with the same evidence rigour the team already applies to any new control.
Two AU-specific caveats are worth setting expectations on. The first is data residency. Claude is available through endpoints that keep customer data inside Anthropic's standard processing path, and customer data is not used to train Claude models. The Privacy Act 1988 obligations on personal information still apply to whatever asset metadata, source code and ticket data the security team puts in front of the model, which means the scoping decision is the privacy-impact decision. The second is talent. Sydney senior offensive engineers are priced at roughly $230,000 base in 2026, and there are not enough of them. Claude Opus does not change the salary number; it changes the throughput each of those engineers can deliver, which is the real lever for a CFO conversation.
For Australian banks, telcos, energy operators, and the consulting firms serving them, the Wiz, Palo Alto and Accenture set is the most useful published security reference Anthropic has shipped this year. The right reading is not whether Claude Opus replaces a SOC analyst or an external assessor. The right reading is how much CPS 234 and SOCI program maturity the same budget can buy when Claude Opus is sitting underneath the existing human review structure.
Automata AI runs scoped Claude security pilots for Australian banks, critical infrastructure operators and the consulting firms supporting them. If you want to walk through what a four-week pilot looks like against your CPS 234 program or your SOCI Risk Management Program, you can book a 30-minute brainstorm.
