Anthropic's open-source framework for AI-powered vulnerability discovery

AI
Security
Open Source
Developer Tools

Anthropic posted an open-source “reference harness” for AI-powered vulnerability discovery. In plain terms, it is a framework that wires a coding model into a repeatable security workflow so it can inspect code, run tools, and iterate toward bug findings. The repo is explicitly a reference implementation, not a maintained community product, and that shaped the reaction: people read it less as software to adopt verbatim and more as a concrete template for how Anthropic thinks these systems should be assembled.

The strongest read was that the value is in the harness, not in the model call by itself. Several practitioners said you do not get much from Claude or Codex without a lot of scaffolding around target selection, environment setup, retry strategy, prompts, tool use, and result triage. That makes this repo useful, but mainly as a “shop jig” you copy and adapt to your own workflow. People building real systems said they keep discovering bugs their current harnesses still miss, then have to teach the system new techniques. In other words, the hard part has shifted from writing a scanner to encoding audit experience into an evolving process. Cost came up immediately. Based on Anthropic’s own token-rate guidance, many expected scans to get expensive fast, especially with repeated runs or continuous use. The consensus was not that this makes the idea useless. It was that the economics only work when compared against scarce human security expertise, formal audit engagements, or old codebases where high-severity bugs are already lurking. That reframed the tool away from “secure every commit with AI” and toward “spend serious compute where the downside of missing something is worse.” Several commenters also stressed that finding issues is only half the job. Without strong filtering and human review, you just create a new denial-of-service problem for maintainers in the form of plausible-sounding false positives. A more pointed theme was that AI is not mainly creating new security risk here. It is surfacing old risk faster. People close to security work argued that the destabilizing effect is the sudden ability to discover severe vulnerabilities in existing legacy code at much higher volume. That makes this less a story about AI-generated slop needing cleanup and more a story about latent defects in widely deployed software becoming legible all at once. The practical implication is uncomfortable but clear: defenders and attackers are now shopping in the same compute market, and whichever side can better operationalize search, triage, and remediation will have the edge.

Treat this as a pattern library, not a finished product. If you want AI-assisted security work, budget for custom workflow engineering and human validation, and assume the economics will only make sense on high-value code or expensive-to-audit legacy systems.

June 4, 2026
github.com
Discuss on HN

Discussion mood

Interested but unsentimental. People liked seeing a real implementation, but most treated it as product marketing plus a useful skeleton. The mood was shaped by three concerns: high token costs, lots of expected false positives, and the belief that custom harness design and human triage still dominate outcomes.

Key insights

Harness quality decides whether this works

Harness design is the real product here. Raw model access does little unless you encode how to choose targets, expose the right tools, steer the search, and verify findings. Practitioners already using similar systems said they keep adding specialized techniques as they encounter misses, especially for harder bug classes like cryptographic flaws. That turns vulnerability discovery into accumulated operational knowledge, not a one-time prompt engineering trick.

Do not evaluate AI security tooling by model benchmarks alone. Ask how the system scopes targets, retries, validates results, and incorporates lessons from past misses.

Attribution:

tptacek #1
agravier #1
baby #1

The compute spend is replacing scarce security labor

The expensive part is not absurd once you compare it to the alternatives. Security work has always cost more than initial code production, and several comments argued the right baseline is human audit time, not the cost to generate code. For legacy memory-unsafe systems and other hard targets, AI-assisted discovery can be cheap relative to expert review. The immediate pressure comes from old vulnerabilities being found at scale, not from models introducing entirely new classes of flaws.

Use this first on code that is expensive for humans to audit and costly to get wrong. Legacy systems and critical services will justify the spend faster than routine application code.

Attribution:

nikcub #1
tptacek #1 #2

Scanning behaves like probabilistic search

Repeated runs are not a bug in the process. They are the process. Comments pointed out that these systems often rerun the same target many times with different prompts or temperatures because results are non-deterministic. That makes the economics look less like static analysis and more like a stochastic search budget. Security teams already lived with this uncertainty in human audits, but AI compresses it into token spend and parallel runs.

Plan for multiple passes and diminishing returns instead of a single definitive scan. Put explicit budgets and stopping rules around repeat attempts.

Attribution:

Analemma_ #1
xerxes249 #1
sofixa #1
beering #1

False positives can overwhelm maintainers

A weak triage loop turns this into 'vibe auditing' that burns developer attention without improving security. Comments from auditors said maintainers are already flooded by low-quality automated reports, and AI can amplify that failure mode with more polished nonsense. Good findings still need expert review, and bad findings become operational noise that blocks adoption.

Measure precision before celebrating recall. If your team cannot quickly validate and prioritize outputs, the scanner will create backlog, not safety.

Attribution:

baby #1
chrisweekly #1
bflesch #1

Libraries may gain value by constraining agents

One subtle pushback to the 'everything becomes bespoke' idea was that good libraries become more valuable when agents use them. Well-designed abstractions keep the model on tested paths and reduce the chance it wanders into inconsistent custom code. In that framing, open source shifts from reusable finished software to reusable rails for generated software.

Invest in opinionated internal libraries and interfaces. They can make agent-generated code and security workflows more reliable than greenfield generation from scratch.

Attribution:

tptacek #1
flir #1
nbardy #1

This is product packaging as much as open source

The repo’s 'not maintained' status made the intent obvious to many readers. It looks like a public reference architecture that demonstrates Anthropic’s commercial security offering and shows buyers how the pieces fit together. That does not make it useless. It just means the durable value is in revealing the shape of the workflow, while the polished version likely lives behind a sales process.

Mine vendor repos like this for architecture and workflow ideas, not long-term dependencies. Assume the supported, updated version will be the managed product.

Attribution:

cpard #1
Hamuko #1
skeledrew #1
yalogin #1

Against the grain

A security engineer may still be cheaper

For teams shipping frequently, repeated full-codebase or pre-merge scans can look economically upside down. One view was that regular scanning at this intensity quickly costs more than hiring dedicated security staff. The rebuttal was that current AI systems may already match the output of many more engineers than most companies could hire. That disagreement changes the adoption question from 'is this neat' to 'which orgs actually have enough security work to amortize it.'

Model the scan schedule against your release cadence and team size before buying into the workflow. High-frequency deployment teams need a tighter cost case than occasional audit-driven users.

Attribution:

jazz9k #1
vessenes #1

Normalization may be the real strategic play

One commenter argued the point is not just finding bugs. It is getting companies comfortable sending source code to Anthropic in the first place. Security scanning provides a strong reason to centralize sensitive code in a vendor workflow, and once that trust boundary is crossed, selling adjacent model-powered services gets easier.

Treat vendor security tooling as a data-governance decision, not just a feature purchase. Review what new code-access norms you are establishing inside the company.

Attribution:

skybrian #1

Secure-by-construction still beats scan-after generation

Some readers rejected the emerging business model outright. Their complaint was simple: if models are writing code, they should write code that avoids basic security mistakes instead of creating demand for a second model pass to clean them up. The reply was that the hardest vulnerabilities span large codebases and dependencies, so perfect first-pass security is unrealistic. Even so, the objection is useful because it targets incentives, not just capability.

Push AI coding tools on prevention metrics as well as detection metrics. If your stack relies on ever-larger downstream scanning budgets, your development process is getting more fragile.

Attribution:

bflesch #1
simonw #1

In plain english

Claude ↩

A large language model product from Anthropic used here as a coding assistant example.

Codex ↩

A code-focused language model and tool interface associated with OpenAI for generating and editing code.

legacy code ↩

Older existing software that is still in use and often harder to understand, change, or secure.

token ↩

A chunk of text a model reads or generates, used for both pricing and context limits.

Reference links

Cost and economics references

AI scanning cost calculator
Used to estimate the token cost of running AI vulnerability scans across a codebase or continuously.

Alternative tools and related projects

zkao.io
Referenced as an in-house or commercial harness used for cryptographic vulnerability auditing and as a point of comparison for false positives and missed bugs.
Vulture
Shared as a similar open-source tool using Claude and MCP for audit-style analysis.
Anthropic Cybersecurity Skills
Posted as another repository related to Anthropic-style cybersecurity workflows.
SRT
Suggested as a project that should be adapted to frozen models to improve them quickly.
agent-dotfiles
Mentioned as a way to package and reinstall personal AI-agent skills and extensions like dotfiles.
VulnerableApp
Suggested as a real target for comparing this harness against tools like ZAP and Burp.

Commentary on personal tooling

Why share
Linked to support the idea that AI is pushing software toward personal, unshared 'shop jig' style tools.