Anthropic Open-Sources Autonomous Vulnerability Discovery Framework

What happened

Anthropic has open-sourced a comprehensive framework for AI-powered vulnerability discovery, giving security teams a reference implementation for finding and fixing bugs autonomously with Claude. The defending-code-reference-harness repo includes Claude Code skills for threat modeling, scanning, triage, and patching.

Why it matters

The framework runs inside a gVisor sandbox, handling the full recon-to-patch loop - from scoping a codebase to identifying vulnerabilities to generating verified fixes. Already at 1,700 GitHub stars, it is based on Anthropic's real-world partnerships with security teams since launching Claude Mythos Preview.

What's next

Alongside the open-source release, Anthropic also launched Claude Security, a managed product that applies multi-stage verification to cut false positives across repositories. Between the DIY reference harness and the hosted offering, teams now have a clear on-ramp for AI-assisted vulnerability management.