GoKawiilDefending Code Reference Harness
A reference implementation for autonomous vulnerability discovery and remediation with Claude, based on our learnings from partnering with security teams at several organizations since launching Claude Mythos Preview. For a write up of these learnings along with best practices, see the accompanying blog post (also available in blog-post.md ). For a lightweight SDK-only walkthrough of the same recon → find → triage → report → patch loop, see the companion cookbook.
This repo is not maintained and is not accepting contributions.
🔒 Want a managed option? Anthropic offers Claude Security, a hosted product that finds and fixes vulnerabilities in your source code across multiple projects. Claude Security scans your repository for vulnerabilities, applies a multi-stage verification pipeline to reduce false positives, and lets you manage findings through their lifecycle: triage, fix validation, and rapid fix generation. This repository is an open-source reference implementation based on general best practices for finding vulnerabilities using Claude. You can use it to build your own vulnerability finding pipeline, customize the logic, and it can be used with whatever access you have to Claude APIs (including Bedrock, Vertex, or Azure).
Contents
Claude Code skills : /quickstart , /threat-model , /vuln-scan , /triage , /patch , /customize : interactive scoping, scanning, triage, and patching. Open this repo in Claude Code and run /quickstart to get oriented.
: , , , , , : interactive scoping, scanning, triage, and patching. Open this repo in Claude Code and run to get oriented. harness/ : the autonomous reference pipeline (recon → find → verify → report → patch), configured for finding C/C++ memory vulnerabilities using Docker and ASAN. This harness is a reference, not a product. The general shape, prompts, and sandboxing are reusable, but the harness will not work on every codebase out of the box. Run /customize to port it to your language, detector, or vuln class.
⚠️ Security: /quickstart , /threat-model , /vuln-scan , and /triage only read and write files. Running /patch on static findings ( TRIAGE.json or VULN-FINDINGS.json ) is likewise read- and write-only. /customize edits the harness code and runs validation commands. Any of these skills are safe to run unsandboxed, as long as you review and approve each tool use in Claude Code. The autonomous reference pipeline (including /patch on pipeline results) executes target code, so it refuses to run outside of a gVisor sandbox unless explicitly overridden. To get set up, run scripts/setup_sandbox.sh once, then invoke the pipeline via bin/vp-sandboxed . See docs/security.md and docs/agent-sandbox.md for more details.
Getting Started
git clone https://github.com/anthropics/defending-code-reference-harness cd defending-code-reference-harness claude # 30-sec intro + guided first run on the canary target > /quickstart > /quickstart how do I port the pipeline to Java ? > /quickstart how do I triage all these bugs ?
... continue reading