Alberta just gave Canadian operators one of the clearest public-sector AI security case studies of 2026: Claude Code scanning hundreds of millions of lines of government code in hours, not years — with humans still signing the patches.
What Alberta actually did
According to Anthropic's July 6, 2026 case study, Alberta's Ministry of Technology and Innovation used Claude Code with Opus and Sonnet models to review systems across 27 ministries — roughly 1,280 applications and 3,400 repositories. About 50 agents worked in parallel. The ministry reports scanning 466 million lines of code in about 20 hours, versus an estimated 6.5 years for a traditional approach.
Human-reviewed remediation, not autopilot patches
Where the scan found a vulnerability, Claude Code often generated a fix, wrote missing tests first when needed, and in some cases rebuilt outdated systems. Anthropic's write-up is explicit: every patch was reviewed and approved by ministry engineers before shipping. Continuous red-team and blue-team agents now check applications against roughly 95 security controls.
Why this matters for Canadian businesses
If a provincial government can productize agentic code review with approval gates, private firms in Edmonton, Calgary, and Sherwood Park have no excuse for ad-hoc chatbot security reviews. The lesson is process design: inventory systems, define risk tiers, run parallel agents, require human approval, and publish an audit trail.
The next Alberta move
Alberta plans to consolidate 185 legacy applications in one ministry into 16 modern reusable apps, expand agent-built tools with engineers, and share methods through white papers and an Edmonton industry day. That is a modernization roadmap, not a one-off demo.
