Author

claudenews

Anthropic’s Reference Harness for Autonomous Vulnerability Discovery

Anthropic’s new defending-code-reference-harness repo is interesting because it turns “Claude for security” from a vague demo into a concrete workflow. If you build with Claude Code or are experimenting with agentic security tooling, this is the kind of repo that shows how far the model can be pushed when the task is tightly scoped and the environment is carefully sandboxed.

Key Points

• The repo is a reference implementation for autonomous vulnerability discovery and remediation with Claude.
• It packages both:
  • Claude Code skills for interactive work like /quickstart, /threat-model, /vuln-scan, /triage, /patch, and /customize
  • a pipeline harness that runs the full recon → find → verify → report → patch loop autonomously
• The harness is explicitly aimed at C/C++ memory vulnerabilities and uses Docker + ASAN in the reference setup.
• Anthropic is clear that this is not a product and not maintained; the repo is provided as a reference implementation.
• The repo points readers to a managed option, Claude Security, for teams that want a hosted product that scans repositories, reduces false positives with multi-stage verification, and manages findings through triage, fix validation, and rapid fix generation.
• The skills are meant to help with the human-in-the-loop side of the workflow:
  • build a threat model
  • run scoped scans
  • triage findings
  • draft patches
• The autonomous pipeline is more constrained and security-conscious:
  • some skills only read/write files
  • /customize edits harness code and runs validation commands
  • the pipeline itself can execute target code
  • it refuses to run outside a gVisor sandbox unless explicitly overridden
• Anthropic recommends starting small:
  • Day 1: threat model + static scan + triage
  • Day 2: run the reference pipeline on a C/C++ library
  • Days 3–5: customize it for your target
  • Week 2: move into autonomous scanning, triage, and patching
• The repo includes guidance for setup, sandboxing, customization, patching, troubleshooting, and safeguards for dangerous cyber work.
• It also makes a strong point that the best security teams are the ones that get hands-on quickly instead of trying to design the perfect pipeline first.

My Take

What strikes me is that this repo is less about “look, Claude can find bugs” and more about operationalizing the boring, hard parts: scoping, triage, verification, sandboxing, and patch generation. That’s the real story here. Anyone can wave around an agent that claims to discover vulnerabilities; much fewer teams can make the loop reliable enough to use repeatedly.

I think the most useful idea here is the split between interactive skills and the autonomous harness. That division feels practical. In real security workflows, you usually want a human to frame the problem and inspect the output first, then let automation take over only where it’s earned trust. The repo seems designed around that assumption, and I like that a lot.

The sandboxing story also matters. It’s easy to get dazzled by autonomous security agents and forget that they are literally running code from the target. Anthropic’s insistence on gVisor isolation and explicit approvals is the right kind of unsexy engineering. If you’re building anything similar, I’d treat that as the lesson, not an optional detail.

At the same time, I’d be cautious about overgeneralizing this to “Claude can autonomously secure any codebase.” The repo itself says the harness is a reference, not something that works out of the box everywhere. That honesty is refreshing. I think the customization step is where the real effort lives, and perhaps that’s where many teams will discover that their stack, build system, or vuln class needs substantial adaptation.

I’d actually try this if I were using Claude Code on a security-heavy repo, especially for a C/C++ target or a codebase where crash reproduction matters. I’d start with the interactive flow first, because that seems like the fastest way to understand how Claude behaves on security tasks before letting the autonomous pipeline loose. If I were evaluating it for a team, I’d care most about false positive rates, reproducibility, and how often the patching stage produces something I’d trust without major cleanup.

The bigger takeaway: this is a serious, grounded attempt to make agentic security workflows reproducible rather than magical. That’s a good sign for Claude developers who want useful automation instead of flashy demos.

Reference: GitHub - anthropics/defending-code-reference-harness: Skills for threat modeling, scanning, triage, patching, plus an autonomous scanning harness you can /customize

同じ著者の記事

A Strong Case for an Official Claude Desktop Build on Linux

For Claude and Claude Code developers, this GitHub issue lands on a very practical pain point: the desktop app is still where a lot of the interesting workflow lives, but Linux users are left out. That matters not just for casual chatting, but for plugin testing, desktop extensions, computer use, dictation, and other parts of the Claude desktop experience that the CLI cannot replace. What makes this request interesting is that it is not just “please support my favorite OS.” The author argues tha

papoo.work

Claude as the New Documentation Audience

Mark Dominus makes a simple but revealing observation: programmers who complain about documenting for coworkers are often perfectly willing to document for Claude. That sounds funny at first, but it points to a real shift in how developers are using LLMs as collaborators, and the article argues that those machine-facing notes can become genuinely useful project artifacts. The author recalls hearing a common complaint: people are angry that programmers will write detailed `CLAUDE.md` and `PROJECT

papoo.work

A Git MCP Server Built in Go: A Small but Useful Sign of the Ecosystem Maturing

From a Claude / Claude Code developer’s perspective, this kind of project is interesting because it sits right at the intersection of tooling, agent workflows, and real developer infrastructure. A Git MCP server is the sort of thing that can make Claude more useful in day-to-day engineering work, especially when you want the model to inspect or act on repositories in a structured way. The source is a Reddit post titled: “open-source - i built a full git mcp server in go.” The post appears to be

papoo.work

Researchers, Claude, and the Next Wave of Frontier AI Collaboration

From a Claude / Claude Code developer’s perspective, this kind of headline matters because it hints at where serious AI work is happening: not just in product demos, but in collaborations with elite researchers. Even without the full article text here, the framing alone suggests Anthropic is still positioned as a serious magnet for technical talent and frontier research energy. The source headline says elite researchers teamed up with Anthropic. The story appears to be about high-level research

papoo.work

Firefox's April Security Spike and What It Means for Claude Builders

From a Claude or Claude Code developer’s perspective, this story is interesting because browser security trends are increasingly part of the LLM app surface area. If Firefox really saw a massive April spike in security-related activity, that’s a reminder that the browser is still one of the most sensitive environments any AI-powered workflow touches. The source title indicates that Firefox reported a “massive April spike” in security-related activity. The Reddit post itself is not accessible in

papoo.work

Your AI Agents Are Aging: Why Agent Lifespan Matters

If you build with Claude or Claude Code, the idea of “agent aging” should immediately catch your attention. Even without a fully accessible source article here, the topic itself points to a real pain point in long-running agent systems: performance can drift, context can get stale, and once-helpful behavior can quietly degrade over time. The post is about agent lifespan — the idea that AI agents can “age” as they run. This is especially relevant for long-lived agents that keep state, mem

papoo.work

Anthropic’s Model Spec: Why It Matters for Claude Builders

From a Claude or Claude Code developer’s perspective, the interesting part of this story is the idea that Anthropic is documenting more of the “operating philosophy” behind its models. A clear model spec can be useful because it gives developers a better sense of how Claude is supposed to behave, not just how it performs on benchmarks. That said, the source here appears to be a Reddit verification placeholder, so there isn’t any substantive article text to analyze. The source URL points to a Red

papoo.work

Anthropic quietly files for an IPO, and that matters for Claude builders

Anthropic’s confidential S-1 filing is not a product launch, but it is still a meaningful signal for anyone building with Claude or Claude Code. It suggests the company is keeping the door open to becoming a public company, which could eventually reshape everything from how it reports progress to how developers think about long-term platform stability. Anthropic, PBC has confidentially submitted a draft Form S-1 to the U.S. Securities and Exchange Commission. The filing is for a proposed initial

papoo.work

Why Anthropic’s Weird New Compute Deal Matters for Claude Builders

If you build with Claude or Claude Code, this story is basically about the bottleneck you feel in product form: compute scarcity. Anthropic is lining up a huge new pool of GPU capacity, and the fact that it’s coming from Elon Musk’s AI empire makes the whole thing feel like peak 2026—part infrastructure chess, part PR theater, part “the only real constraint is electricity and politics.” Anthropic and Elon Musk’s SpaceX said they signed an agreement for Anthropic to use computing resources from x

papoo.work

Kepler’s Verifiable AI Stack Shows Where Claude Fits Best

For Claude and Claude Code developers, this Kepler story is interesting because it’s not “AI replaces analysts” hype — it’s a concrete example of using Claude as a reasoning layer inside a system that still insists on deterministic verification. That distinction matters a lot in finance, where being right is less important than being able to prove why you’re right. It also reads like a fairly honest systems-design lesson: the model is useful, but only when the surrounding infrastructure is doing

papoo.work