Anthropic's open-source framework for AI-powered vulnerability discovery (github.com) AI

Anthropic has published an open-source “Defending Code Reference Harness” on GitHub that outlines an autonomous recon→vulnerability discovery→verification→reporting→patching loop using Claude, including interactive “skills” for threat modeling, scanning, triage, and patch generation. The repo includes a sandboxed pipeline configured to find C/C++ memory vulnerabilities via Docker and ASAN, with gVisor isolation for running code and an emphasis on using reference stages and customization to adapt to other languages and vulnerability classes.