Anthropic published a reference implementation on GitHub that demonstrates autonomous vulnerability discovery and remediation using Claude. The defending-code-reference-harness repository includes interactive skills for threat modeling, scanning, triage, and patching, along with an autonomous pipeline designed to find C/C++ memory vulnerabilities. Teams can customize the framework for their own codebases and security workflows.

The harness executes a seven-stage reconnaissance-to-patch loop inside gVisor sandbox containers, using AddressSanitizer to detect memory errors in compiled code. It partitions codebases into attack surfaces for parallel exploration, then generates candidate fixes for verified crashes. The system integrates with multiple Claude API access methods including Bedrock, Vertex, and Azure.

While the repository serves as an educational reference rather than a maintained product, Anthropic offers Claude Security as a hosted alternative that provides managed vulnerability scanning across multiple projects. The company recommends starting small with the interactive skills before moving to autonomous scanning, emphasizing hands-on learning over extensive upfront design.

Security teams can begin with the canary demo target using /quickstart, then customize the pipeline for Java or other languages through the /customize skill. The implementation reflects learnings from partnerships with enterprise security teams since the Claude Mythos Preview launch.