The Defending Code Reference Harness is Anthropic's reference implementation for AI-powered security vulnerability discovery, released alongside their 'Securing Tomorrow's Software' research. With 2,200+ GitHub stars and 504 points on Hacker News (#1), it demonstrates how Claude agents can systematically find, verify, and patch security flaws in real codebases. The pipeline combines threat modeling, vulnerability scanning, proof-of-concept exploit generation, and automated patching, all running inside gVisor sandboxes with multi-agent verification to prevent false positives. It ships both interactive Claude Code skills for developers and a fully autonomous batch-scanning pipeline for CI/CD integration.
The Defending Code Reference Harness is Anthropic’s open-source implementation of an AI-driven vulnerability discovery pipeline. Rather than relying on static analysis rules or signature matching, it uses Claude agents to reason about code the way a security researcher would — understanding data flows, trust boundaries, and attack surfaces before scanning for specific vulnerability classes. The pipeline was released alongside Anthropic’s “Securing Tomorrow’s Software” report demonstrating that AI agents can find novel vulnerabilities in real-world open-source projects.
The architecture is built around isolation and verification. Each scanning agent runs inside a gVisor sandbox, preventing any discovered exploit from escaping the analysis environment. Findings go through a multi-agent verification step where independent Claude instances attempt to reproduce the vulnerability and assess its severity, dramatically reducing the false-positive rate that plagues traditional static analysis tools.
The repository is explicitly marked as “not maintained and not accepting contributions” — it is a reference implementation, not a supported product. Anthropic sells Claude Security as a hosted enterprise product for organizations that want managed vulnerability scanning without operating the pipeline themselves.
Interactive skills for developers: The harness ships six Claude Code skills that integrate into a developer’s existing workflow. /threat-model maps the attack surface of a codebase. /vuln-scan runs targeted scans against specific vulnerability classes. /triage prioritizes findings by exploitability and impact. /patch generates fixes with verification tests. /quickstart and /customize handle setup and configuration.
Autonomous batch pipeline: For CI/CD integration, the harness runs as a fully autonomous pipeline that scans entire repositories without human intervention. Configurable agent counts and token budgets let teams balance thoroughness against cost.
Sandbox-first architecture: Every agent interaction with potentially malicious code happens inside gVisor containers. The exploit-generation step — where agents attempt to build working proof-of-concept attacks — is fully sandboxed so that a successful exploit never touches the host system.
The harness is aimed at security engineers and AppSec teams who want to augment manual code review with AI-driven vulnerability discovery. It is particularly valuable for organizations with large codebases where manual security review cannot keep pace with development velocity. Developers who want to integrate security scanning into their Claude Code workflow will find the interactive skills immediately useful. Teams evaluating AI security tooling should note that this is a reference implementation; for production enterprise use, Anthropic’s hosted Claude Security product provides managed infrastructure and support.