Claude Code Project

I'm a security engineer, not a software developer. I know enough Python to be dangerous, but I don't spend my days shipping code. So when I decided to build a fully automated phishing analysis pipeline during one of our internal hackathons, I expected to spend most of my time fighting infrastructure, syntax errors, and API docs.

That's not what happened.

The Problem I Was Trying to Solve

We spent a significant amount of time reviewing reported phishing emails. I wanted to fix that.

The goal was to build something that would ingest a reported email, automatically rip out every relevant artifact (URLs, sender IP, attachments, headers), run them through threat intelligence APIs, and use Claude to synthesize a verdict.

What I Built

Without going into specifics, I was able to create a phishing analysis bot that did the following:

An employee forwards a suspicious email to a dedicated mailbox. That triggers an automated pipeline that extracts every relevant artifact and runs it through several threat intelligence APIs. All of that enrichment gets handed to Claude, which synthesizes a verdict: phishing, suspicious, or legitimate, with a confidence score and a plain-English summary of why.

The output is sent to our security team as a color-coded report. An analyst reviews it, clicks a button to confirm or override, and the reporter gets an automated reply. For the routine stuff, nobody has to touch it manually.
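The artifact-extraction step described above, as an added example that is not the author's code: it parses a constructed reported email and pulls out the indicators the post lists (URLs, sender IP from Received headers, attachment names and hashes, key headers), and adds one cheap pre-enrichment check, a Reply-To domain that differs from From. The sample message, regexes and field names are assumptions, not the project's own.

```python
import email
import hashlib
import re
from email import policy

# Constructed sample of a reported email (not a real message); TEST-NET IP, example domains.
SAMPLE_EML = b"""Received: from mail.example.net (mail.example.net [203.0.113.45]) by mx.corp.example
From: "IT Helpdesk" <helpdesk@example.net>
Reply-To: reset@example.org
Subject: Password expiry notice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your password expires today. Reset it here: http://login.example.org/reset?u=1
--b1
Content-Type: application/pdf; name="invoice.pdf"
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
BRACKET_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # e.g. "[203.0.113.45]"
DOMAIN_RE = re.compile(r"@([\w.-]+)")  # domain part of an address header

def extract_artifacts(raw):
    """Pull the indicators the pipeline hands to threat-intel enrichment out of one email."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender, reply_to = str(msg.get("From", "")), str(msg.get("Reply-To", ""))
    artifacts = {"subject": str(msg.get("Subject", "")), "from": sender,
                 "sender_ips": [], "urls": set(), "attachments": [], "flags": []}
    # Each hop prepends a Received: header, so the last one is the earliest (sender-side) hop.
    for received in msg.get_all("Received", []):
        artifacts["sender_ips"].extend(BRACKET_IP_RE.findall(str(received)))
    for part in msg.walk():
        if part.is_attachment():
            payload = part.get_payload(decode=True) or b""  # hash the decoded bytes
            artifacts["attachments"].append({"filename": part.get_filename(),
                                             "sha256": hashlib.sha256(payload).hexdigest()})
        elif part.get_content_type() in ("text/plain", "text/html"):
            artifacts["urls"].update(URL_RE.findall(part.get_content()))
    # A Reply-To on a different domain than From is a common lure pattern worth surfacing.
    domains = {m.group(1).lower() for m in map(DOMAIN_RE.search, (sender, reply_to)) if m}
    if len(domains) > 1:
        artifacts["flags"].append("reply_to_domain_mismatch")
    artifacts["urls"] = sorted(artifacts["urls"])
    return artifacts
```

The returned dict is what the enrichment stage would fan out to the threat intelligence APIs and, once enriched, hand to the model for a verdict.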

Where Claude Code Actually Helped

  • Scaffolding the architecture. I described the problem in plain English and got back a complete architecture proposal, not just vague suggestions, but actual component choices with rationale. I pushed back on a few things, we iterated, and landed on something I was happy shipping.

  • Writing the code. I didn't type most of this codebase. I described what each module needed to do, and Claude Code produced working first drafts. I reviewed the code, caught a few things, asked for changes. But the scaffolding was there.

  • Debugging. This was probably the biggest surprise. When something broke, and things broke, I'd paste the error, describe what I expected, and get a fix. Not a list of things to check. An actual fix, usually correct on the first try.

  • Documentation. The runbooks and guides were all drafted by Claude. I edited for accuracy. I didn't write them from scratch.

The Part That Actually Surprised Me

I've tried a lot of AI coding tools. Most of them are good at autocomplete and bad at reasoning about a problem end-to-end.

What differed here was the continuity. I could say, "the campaign detection is too aggressive; it's flagging this domain as malicious, but it's a known sender, so we're getting false positives," and receive a thoughtful fix addressing the root cause, not just the symptom. The context persisted throughout the entire build.

It also pushed back on me. When I wanted to add auto-remediation (automatically blocking emails from all recipient inboxes on a high-confidence phishing verdict), it raised the risk of false positives nuking legitimate email at scale before I had a feedback loop in place. It was right.

Would I Do It Again?

Yes, obviously. A project that probably would have taken me 3-4 weeks of evenings and weekends took a single sprint. The bot is running. It's analyzing real phishing emails. The security team is getting summary alerts instead of manually triaging every forwarded email.

The workflow isn't magic. You still need to know what you're building and why. But if you're a security engineer who wants to ship tooling without becoming a full-time developer, Claude Cowork is the closest thing I've found to having a senior engineer pair-programming with you at 11pm.