Anthropic releases open-source reference pipeline for Claude-driven vuln discovery
Original source: Anthropic's open-source framework for AI-powered vulnerability discovery
Anthropic published a reference implementation showing how to wire Claude into an autonomous vulnerability discovery loop: recon, find, verify, report, and patch. The repo bundles Claude Code skills (/threat-model, /vuln-scan, /triage, /patch) for interactive work alongside a containerized pipeline configured to hunt C/C++ memory bugs using Docker and ASAN. It is explicitly a starting point rather than a maintained product — teams are expected to fork and port it to their own language and vuln class via a /customize skill.
The architecture leans hard on isolation. Autonomous agents run inside gVisor sandboxes with egress restricted to the Claude API, and the pipeline refuses to launch outside that sandbox without an explicit override. A recon agent partitions the target into distinct attack surfaces so parallel find agents don’t converge on the same bug, and a separate grader agent reproduces each crash in a clean container, accepting only the PoC as input to limit cross-contamination from a potentially compromised find agent.
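A sketch of the grader step described above, added here as an illustration and not taken from Anthropic's repository: the reproduction run receives only the PoC file, and a finding is accepted only when that clean run emits its own ASAN report. The function names, the `/harness` path, the image name, the `runsc` runtime registration and the choice to give the run no network are all assumptions.

```python
import re

# Constructed AddressSanitizer stderr for illustration, not pipeline output.
SAMPLE_ASAN = """\
==7==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000015 at pc 0x55d0c0a1 bp 0x7ffd0000 sp 0x7ffd0008
READ of size 1 at 0x602000000015 thread T0
    #0 0x55d0c0a1 in parse_header /src/lib/parse.c:88:13
    #1 0x55d0c1b2 in main /src/harness.c:21:5
SUMMARY: AddressSanitizer: heap-buffer-overflow /src/lib/parse.c:88:13 in parse_header
"""

ERROR_RE = re.compile(r"^==\d+==ERROR: AddressSanitizer: ([\w-]+)", re.M)
FRAME_RE = re.compile(r"^[ \t]+#\d+ 0x[0-9a-f]+ in (.+) (\S+)$", re.M)


def grader_argv(image, poc_path, harness="/harness"):
    """docker argv for one clean reproduction; the PoC file is the only input.

    Assumptions: gVisor is registered with Docker as the `runsc` runtime, the
    image holds an ASAN build at `harness`, and the run needs no network.
    """
    return ["docker", "run", "--rm", "--runtime=runsc", "--network=none",
            "--read-only", "-v", f"{poc_path}:/poc:ro", image, harness, "/poc"]


def grade(stderr, exit_code):
    """Accept a finding only if the clean run itself produced an ASAN report."""
    error = ERROR_RE.search(stderr)
    if exit_code == 0 or error is None:
        return {"verified": False, "reason": "no sanitizer report reproduced"}
    frame = FRAME_RE.search(stderr)  # first match is frame #0, top of the stack
    function, location = frame.groups() if frame else (None, None)
    return {"verified": True, "bug_class": error.group(1),
            "function": function, "location": location}


def dedup_key(verdict):
    """Same bug class at the same top-frame function counts as one finding."""
    return (verdict["bug_class"], verdict["function"])


if __name__ == "__main__":
    print(grader_argv("target-asan:latest", "/tmp/poc.bin"))
    print(grade(SAMPLE_ASAN, 1))
```

Keying findings on bug class plus top frame also catches the case where parallel find agents report the same crash despite the recon partitioning.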
The accompanying guidance reflects what Anthropic learned partnering with security teams during its Claude Mythos Preview: skip the months-long pipeline design phase, run the interactive loop end-to-end on day one, then move to the autonomous harness on a known-vulnerable library on day two. Anthropic also flags a hosted alternative, Claude Security, for teams that want a managed scanner with false-positive filtering and finding lifecycle management instead of building their own.
This is an AI-generated summary.