Anthropic Launches Open-Source AI Security Tool That Autonomously Finds and Patches Vulnerabilities

Anthropic launches an open-source AI security tool on GitHub that uses Claude to autonomously detect and patch software vulnerabilities, running agents in isolated sandboxes through a full recon-to-patch pipeline with threat modeling, scanning, triage, and automated patch validation.

• Anthropic releases an open-source reference harness on GitHub that enables autonomous vulnerability discovery and remediation using Claude, featuring interactive skills for threat modeling, scanning, triage, and patching across a recon-to-patch pipeline.
• The pipeline runs agents in isolated gVisor sandboxes with restricted network egress, targeting C/C++ memory vulnerabilities using ASAN, and supports parallel scanning, crash verification, deduplication, exploitability reporting, and automated patch validation.
• Security teams are encouraged to ramp up quickly over two weeks — starting with static scans and threat modeling on Day 1, running the full autonomous pipeline by Day 2, customizing it for their own stack by Day 5, and scaling to continuous autonomous scanning and patching in Week 2.