# Defending Code Reference Harness

> An open-source reference implementation for autonomous vulnerability discovery and remediation using Claude, covering threat modeling, scanning, triage, patching, and a sandboxed autonomous pipeline.

The Defending Code Reference Harness is an open-source toolkit published by Anthropic under the Apache 2.0 license, designed to help security teams use Claude for autonomous vulnerability discovery and remediation. It provides both interactive Claude Code skills and a fully autonomous pipeline that walks through recon, finding, verification, reporting, and patching stages. The repository was created in May 2026 and is described by Anthropic as a reference implementation, not a maintained product.

## What It Is

The harness is a Python-based reference pipeline that enables security engineers to run Claude-powered agents against source code repositories to find, verify, triage, and patch vulnerabilities. It ships with a set of Claude Code skills (`/quickstart`, `/threat-model`, `/vuln-scan`, `/triage`, `/patch`, `/customize`) for interactive use, plus an autonomous `harness/` pipeline configured out of the box for C/C++ memory vulnerabilities using Docker and AddressSanitizer (ASAN). The repository README explicitly states it is "a reference, not a product" and is not accepting contributions.

## How the Pipeline Works

The autonomous pipeline runs through seven distinct stages:

- **Build**: Compiles the target into a Docker image with ASAN enabled.
- **Recon**: A lightweight agent reads source code in a network-isolated container and proposes a partition of input-parsing subsystems for parallel exploration.
- **Find**: Multiple agents run in parallel, each in its own isolated container, crafting malformed inputs and running the ASAN binary until a crash reproduces reliably.
- **Verify**: A separate grader agent reproduces each crash in a fresh container using only the proof-of-concept produced by the find agent.
- **Dedupe**: A judge agent compares verified crashes against previously reported bugs to identify new, improved, or duplicate findings.
- **Report**: A report agent writes a structured exploitability analysis per unique bug, covering primitive class, reachability, escalation path, and severity.
- **Patch**: A patch agent proposes a fix, and a grader agent confirms the fix builds, the original proof-of-concept no longer crashes, the test suite passes, and a fresh find agent cannot bypass the fix.
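The Find and Verify stages both hinge on recognising an ASAN crash and confirming that one proof of concept produces it on every run. The Python below is an added example, not code from the harness: the function names, the three-frame signature depth, the reproduction threshold and the sample report are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed ASAN stderr for illustration; not output from any real target.
SAMPLE_REPORT = """\
==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000014 at pc 0x0000004f1b2c bp 0x7ffd0a1b2c30 sp 0x7ffd0a1b2c28
READ of size 4 at 0x602000000014 thread T0
    #0 0x4f1b2c in parse_header /src/parser.c:42:13
    #1 0x4f2a10 in parse_file /src/parser.c:118:9
    #2 0x4f3001 in main /src/main.c:27:5
    #3 0x7f3a1c029d8f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
SUMMARY: AddressSanitizer: heap-buffer-overflow /src/parser.c:42:13 in parse_header
"""

ERROR_RE = re.compile(r"^==\d+==ERROR: AddressSanitizer: ([\w-]+)", re.M)
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+)", re.M)
FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (\S+)", re.M)

def crash_signature(stderr, depth=3):
    """Return (bug class, access, top frames), or None if ASAN reported nothing."""
    err = ERROR_RE.search(stderr)
    if err is None:
        return None
    acc = ACCESS_RE.search(stderr)
    access = f"{acc.group(1)}:{acc.group(2)}" if acc else "unknown"
    # Keep only the faulting stack: frame numbers restart at #0 for the
    # allocation/free stacks that follow it in the report.
    frames = []
    for num, func in FRAME_RE.findall(stderr):
        if int(num) != len(frames):
            break
        frames.append(func)
    return (err.group(1), access, tuple(frames[:depth]))

def reproduces_reliably(runs, min_rate=1.0):
    """runs: stderr from repeated executions of one PoC. Returns (ok, signature)."""
    sigs = Counter(s for s in map(crash_signature, runs) if s is not None)
    if not sigs:
        return (False, None)
    sig, hits = sigs.most_common(1)[0]
    # PIDs and addresses differ between runs; only the signature must match.
    return (hits / len(runs) >= min_rate, sig)
```

The signature ignores process IDs and raw addresses, so the same bug hit under ASLR or in a fresh container compares equal, while a run that exits cleanly lowers the reproduction rate.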

## Sandboxing and Security Model

The harness enforces a strict sandboxing model. The interactive skills (`/quickstart`, `/threat-model`, `/vuln-scan`, `/triage`) are read/write-only and are safe to run without a sandbox as long as tool uses are reviewed in Claude Code. The autonomous pipeline, however, executes target code and refuses to run outside a gVisor sandbox unless explicitly overridden. A setup script (`scripts/setup_sandbox.sh`) installs gVisor, builds agent images, and verifies isolation. Each agent runs inside a gVisor container with egress restricted to the Claude API.

## Customization and Portability

The `/customize` skill allows teams to port the pipeline to languages and vulnerability classes beyond C/C++. Porting requires answering three questions for the target stack: what signals a finding (e.g., ASAN crash, exception, DNS callback), what a proof of concept looks like (e.g., crashing input file, HTTP request sequence), and how the target is built and run. The README provides a structured ramp-up path spanning from Day 1 interactive skills through Week 2 autonomous scanning, triage, and patching at scale.

## Update: Repository Launch (May 2026)

The repository was created on May 22, 2026, and last pushed on June 2, 2026. It was published alongside the Claude Mythos Preview (Glasswing) announcement and an accompanying blog post on using LLMs to secure source code. Anthropic also references a companion cookbook on the Claude platform for a lightweight SDK-only walkthrough of the same vulnerability detection loop. The README notes that Anthropic offers a hosted managed version called Claude Security for teams that want a productized option rather than the self-hosted reference implementation.

## Features
- Interactive Claude Code skills for threat modeling, scanning, triage, and patching
- Autonomous 7-stage pipeline: build, recon, find, verify, dedupe, report, patch
- C/C++ memory vulnerability detection using ASAN and Docker
- gVisor sandboxing with egress restricted to Claude API
- Parallel find agents for broad vulnerability surface coverage
- Cross-run triage and deduplication via /triage skill
- Customizable pipeline for other languages and vulnerability classes via /customize
- Candidate patch generation and automated fix verification
- Structured exploitability reports per unique bug
- Companion Claude Code skills that are read/write-only and safe to run unsandboxed

## Integrations
Claude API, Claude Code, Docker, gVisor, ASAN (AddressSanitizer), Amazon Bedrock, Google Cloud Vertex AI, Azure

## Platforms
ANDROID, IOS, API, DEVELOPER_SDK, CLI

## Pricing
Open Source

## Version
main

## Links
- Website: https://claude.com/
- Documentation: https://github.com/anthropics/defending-code-reference-harness/blob/main/docs/pipeline.md
- Repository: https://github.com/anthropics/defending-code-reference-harness
- EveryDev.ai: https://www.everydev.ai/tools/defending-code-reference-harness
