Anthropic has released an open-source reference harness for building Claude-based vulnerability discovery and remediation pipelines, offering a template for teams that want to automate parts of security review with its models.
The repository, called defending-code-reference-harness, is presented as a reference implementation rather than a maintained product. Anthropic says it is based on lessons from work with security teams at multiple organizations and is meant to help users assemble their own pipelines for threat modeling, scanning, triage, reporting and patch generation.
The project combines interactive Claude Code skills with an autonomous pipeline designed to follow a recon, find, verify, report and patch workflow. According to the repository documentation, the harness is configured to hunt for C and C++ memory vulnerabilities using Docker and AddressSanitizer, but Anthropic also says the general structure can be adapted to other languages, detectors and vulnerability classes.
The repo includes several Claude Code skills, such as /quickstart, /threat-model, /vuln-scan, /triage, /patch and /customize. Anthropic says those skills are intended to support a step-by-step process from scoping and scanning to triage and patching. The company also highlights that the autonomous parts of the pipeline can be used with Claude APIs through Anthropic, Amazon Bedrock, Google Vertex or Microsoft Azure.
Anthropic is also steering users toward a managed commercial alternative, Claude Security. In the project README, the company describes that hosted product as a way to scan repositories for vulnerabilities, reduce false positives through a multi-stage verification process, and manage findings through triage, fix validation and rapid fix generation.
The repository’s documentation places heavy emphasis on safety. Anthropic notes that some skills only read and write files and can be run without sandboxing if the user approves each tool action in Claude Code. By contrast, the autonomous pipeline, including patching based on pipeline results, can execute target code and is designed to refuse to run outside a gVisor sandbox unless the user explicitly overrides that behavior.
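The refuse-unless-sandboxed behaviour described above can be expressed as a small policy check. The following is an added illustration, not code from Anthropic's repository: it assumes (as a labelled guess about how such a check might be built) that gVisor's synthetic kernel log, as shown by `dmesg` inside a runsc container, mentions "gVisor", and it uses a hypothetical environment variable `HARNESS_ALLOW_UNSANDBOXED` as the explicit override.

```python
"""Refuse-to-run guard modelled on the sandbox policy described in the article.
Added example only; not the harness's own code. Detection method and the
override variable name are assumptions, not something the article states."""
import os
import subprocess

# Hypothetical override switch; the real harness's mechanism is not shown in the article.
OVERRIDE_ENV = "HARNESS_ALLOW_UNSANDBOXED"

# Decisions the guard can return.
RUN = "run"                     # sandbox detected, proceed normally
RUN_OVERRIDDEN = "run-overridden"  # no sandbox, but the user explicitly opted out
REFUSE = "refuse"               # no sandbox and no override: do not execute target code


def looks_like_gvisor(dmesg_text):
    """Assumption: gVisor's emulated kernel log identifies itself by name."""
    return "gvisor" in dmesg_text.lower()


def read_dmesg():
    """Best-effort read of the kernel log; empty string if unavailable."""
    try:
        proc = subprocess.run(["dmesg"], capture_output=True, text=True, timeout=5)
        return proc.stdout
    except (OSError, subprocess.SubprocessError):
        return ""


def sandbox_decision(dmesg_text, env):
    """Pure policy function so the decision can be tested without a real sandbox.

    Order matters: a detected sandbox always wins, the override only applies
    when no sandbox is found, and refusal is the default."""
    if looks_like_gvisor(dmesg_text):
        return RUN
    if env.get(OVERRIDE_ENV) == "1":
        return RUN_OVERRIDDEN
    return REFUSE


def main():
    decision = sandbox_decision(read_dmesg(), os.environ)
    if decision == REFUSE:
        raise SystemExit(
            "Refusing to execute target code outside a gVisor sandbox. "
            f"Set {OVERRIDE_ENV}=1 to override (not recommended)."
        )
    print(f"Sandbox check: {decision}")


if __name__ == "__main__":
    main()
```

Keeping the decision in a pure function that takes the log text and environment as arguments means the refuse/override logic can be unit-tested on constructed input, while the only host-dependent piece is the `dmesg` read.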
To help users get started, the repository points to setup instructions that include running a sandbox configuration script and then invoking the pipeline through a sandboxed binary. Anthropic also provides separate documentation on security, sandboxing and customization, along with a troubleshooting guide for issues such as duplicate findings, rate limits and subagent model pinning.
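The "verify" stage the article attributes to the harness rests on AddressSanitizer reports, and the troubleshooting guide it mentions lists duplicate findings as a known problem. The following added example (not code from the repository) shows how a pipeline can turn raw ASan output into normalized finding signatures and collapse repeated reports of the same bug. The three reports are constructed samples in the standard ASan format; per-run values such as PIDs and addresses are deliberately excluded from the signature, while the bug class, access type and top source frames are kept.

```python
"""Parse AddressSanitizer reports and deduplicate findings by signature.
Added example for the verify/triage stage discussed in the article; not code
from defending-code-reference-harness. Sample reports below are constructed."""
import re
from dataclasses import dataclass

# Constructed sample reports: two runs hit the same overflow, one hits a different bug.
SAMPLE_REPORTS = [
"""==1234==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000015 at pc 0x0000004f3a2b bp 0x7ffd1c3b0a10 sp 0x7ffd1c3b0a08
WRITE of size 1 at 0x602000000015 thread T0
    #0 0x4f3a2a in copy_name /src/parser.c:42:14
    #1 0x4f4110 in parse_record /src/parser.c:88:5
    #2 0x4f5000 in main /src/main.c:21:9
    #3 0x7f1c2d3e6d8f in __libc_start_call_main (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
""",
"""==5678==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000000a15 at pc 0x0000004f3a2b bp 0x7ffd1c3b0b10 sp 0x7ffd1c3b0b08
WRITE of size 1 at 0x603000000a15 thread T0
    #0 0x4f3a2a in copy_name /src/parser.c:42:14
    #1 0x4f4110 in parse_record /src/parser.c:88:5
    #2 0x4f5000 in main /src/main.c:21:9
""",
"""==9012==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000090 at pc 0x0000004f3c00 bp 0x7ffd1c3b0c10 sp 0x7ffd1c3b0c08
READ of size 4 at 0x602000000090 thread T0
    #0 0x4f3bff in record_len /src/record.c:17:12
    #1 0x4f4110 in parse_record /src/parser.c:91:9
    #2 0x4f5000 in main /src/main.c:21:9
""",
]

# Standard ASan report structure: header line, access line, then numbered stack frames.
HEADER_RE = re.compile(r"==\d+==ERROR: AddressSanitizer: (?P<kind>[\w-]+) on address 0x[0-9a-f]+")
ACCESS_RE = re.compile(r"^(?P<op>READ|WRITE) of size (?P<size>\d+)", re.M)
FRAME_RE = re.compile(r"^\s*#(?P<n>\d+) 0x[0-9a-f]+ in (?P<func>\S+) (?P<loc>\S+)", re.M)


@dataclass
class Finding:
    kind: str          # e.g. heap-buffer-overflow, heap-use-after-free
    op: str            # READ / WRITE / UNKNOWN
    size: int          # access size in bytes
    frames: list       # (function, file, line) for frames that resolve to source

    def signature(self, depth=3):
        """Run-independent identity: bug class, access type and top source frames.
        PIDs, addresses and column numbers vary between runs and are left out."""
        return (self.kind, self.op, tuple(self.frames[:depth]))


def parse_report(text):
    """Return a Finding, or None if the text is not an ASan error report
    (clean run, timeout, crash without sanitizer output)."""
    header = HEADER_RE.search(text)
    if not header:
        return None
    access = ACCESS_RE.search(text)
    op, size = (access.group("op"), int(access.group("size"))) if access else ("UNKNOWN", 0)
    frames = []
    for frame in FRAME_RE.finditer(text):
        parts = frame.group("loc").split(":")
        # Keep only frames with file:line; drop libc/runtime frames like "(libc.so.6+0x29d8f)".
        if len(parts) >= 2 and parts[1].isdigit():
            frames.append((frame.group("func"), parts[0], int(parts[1])))
    return Finding(header.group("kind"), op, size, frames)


def dedupe(reports, depth=3):
    """Group reports by signature; value holds the first Finding and a hit count."""
    grouped = {}
    for text in reports:
        finding = parse_report(text)
        if finding is None:
            continue
        entry = grouped.setdefault(finding.signature(depth), {"finding": finding, "count": 0})
        entry["count"] += 1
    return grouped


if __name__ == "__main__":
    for sig, entry in dedupe(SAMPLE_REPORTS).items():
        f = entry["finding"]
        top = f.frames[0] if f.frames else ("?", "?", 0)
        print(f"{entry['count']}x {f.kind} {f.op} size={f.size} at {top[1]}:{top[2]} ({top[0]})")
```

Collapsing on the top few source frames rather than the full stack is a deliberate trade-off: deeper frames often differ between call paths that reach the same bug, so a shallow signature produces fewer duplicate tickets at the cost of occasionally merging two distinct bugs that share a top frame. The depth parameter lets a triage step tune that.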
The README says the project is not accepting contributions, indicating that it is being published as a frozen reference rather than an actively developed community effort. The latest visible commit in the repository was dated June 15, 2026, with earlier public-release and documentation updates appearing in May and June.
Anthropic frames the release as a practical starting point for teams that want to build their own vulnerability pipeline rather than a polished end product. The company says the fastest progress comes from getting hands-on early, starting with smaller scans and then expanding the system as teams learn how it behaves on their codebases.