{"slug": "visa-vulnerability-agentic-harness-built-with-mythos", "title": "Visa Vulnerability Agentic Harness (built with Mythos)", "summary": "Visa released an open-source vulnerability discovery harness called VVAH that uses frontier AI models from Anthropic and OpenAI to automate security testing. The tool employs multi-agent deterministic voting and structured triage to reduce false positives and accelerate the time from AI-discovered weakness to validated fix. Visa designed VVAH to address the bottleneck of triage speed in AI-assisted vulnerability management.", "body_md": "VVAH is Visa's open-source harness for autonomous vulnerability discovery\nusing frontier AI models, built on learnings from\n[Project Glasswing](https://www.anthropic.com/glasswing) (Anthropic's\ninitiative for AI-assisted vulnerability research).\n\nThree design choices drive finding quality: threat modeling before analysis\nfocuses the attack surface; multi-agent deterministic voting reduces false\npositives; and structured triage artifacts compress the lifecycle from\nAI-discovered weakness to actionable finding. The bottleneck in AI-assisted\nvulnerability management is triage speed, not discovery — VVAH is designed\naround that constraint. The primary effectiveness metric is **Mean Time to\nAdapt (MTTA)**: time from AI-discovered weakness to a validated fix in\nproduction.\n\nMulti-model by design, VVAH works with Anthropic Claude, OpenAI, or any combination. No single provider is a dependency.\n\nFor setup, see [docs/SETUP_GUIDE.md](/visa/visa-vulnerability-agentic-harness/blob/main/docs/SETUP_GUIDE.md). This repo is not\naccepting external contributions; see\n[CONTRIBUTING.md](/visa/visa-vulnerability-agentic-harness/blob/main/CONTRIBUTING.md).\n\nAuthorized use only. Run scans only against code you own or have explicit permission to test. 
Findings are LLM-generated triage candidates that require human review — see [Limitations].\n\n**Docs:** [SETUP_GUIDE.md](/visa/visa-vulnerability-agentic-harness/blob/main/docs/SETUP_GUIDE.md) — install & configuration · [USER_GUIDE.md](/visa/visa-vulnerability-agentic-harness/blob/main/docs/USER_GUIDE.md) — commands & options.\n\nThree phases, nine stages. Each stage combines deterministic controls with frontier-model reasoning to produce structured, exploit-validated findings.\n\n| Phase | Stages | Purpose |\n|---|---|---|\n| Discovery & Modeling | S1–S3 | Attack surface mapping, threat modeling, hunting plan |\n| Deep Dive & Verification | S4–S6 | Multi-lens research, policy gates, adversarial verification |\n| Synthesis, Chaining & Reporting | S7–S9 | Deduplication, chain construction, SARIF emission |\n\nStandardized inputs (batch repositories, GitHub Enterprise metadata, CMDB records, CVE and control feeds) flow in. Structured reports, SARIF artifacts, and API-ready findings flow out.\n\nSee [docs/architecture.md](/visa/visa-vulnerability-agentic-harness/blob/main/docs/architecture.md) for stage-by-stage detail.\n\nEach pipeline stage is implemented as a composable, reusable skill. 
Skills can be independently tuned, versioned, and replaced without rewiring the pipeline.\n\n| Stage | Skill |\n|---|---|\n| S1 — Explore the attack surface | Attack surface mapper (code, CMDB, CVE, controls) |\n| S2 — Model threats in business context | AppSec threat modeler (STRIDE, OWASP, trust boundaries) |\n| S3 — Strategize and prioritize | Vulnerability research strategist (taint, API boundaries, authorization controls) |\n| S4 — Research by specialized lens | Language, Crypto, Logic-bug, Access-control, Batch/ETL, IaC |\n| S6 — Adversarial verification | Adversarial reviewer (exploit chain, trust boundary tracing) |\n| S8 — Chain construction and reporting | Exploit strategist (CWE, attack paths, remediation) |\n\nSee [docs/SKILLS.md](/visa/visa-vulnerability-agentic-harness/blob/main/docs/SKILLS.md) for configuration and extension guidance.\n\n- **Python ≥ 3.10**\n- An LLM credential — a Claude Code login (`claude login`) for the default profile, **or** an Anthropic API key (`ANTHROPIC_SDK_API_KEY`) / `OPENAI_API_KEY` if you switch roles to `via: sdk` / `via: openai`; see [Configure](#configure).\n- The `claude` CLI — required for the default (`cli`) profile; optional otherwise.\n\nRecommended — install into a virtual environment (keeps the install isolated).\n\n**macOS / Linux:**\n\n```\npython3 -m venv .venv\nsource .venv/bin/activate\npip install .\n```\n\n**Windows (PowerShell):**\n\n```\npython -m venv .venv\n.\\.venv\\Scripts\\Activate.ps1\npip install .\n```\n\nOr install it as an isolated global command (no venv needed) on any OS:\n\n```\npipx install .\n```\n\nEither way this installs one command: `vvaharness`. 
All three backends (Anthropic\nSDK, Claude CLI, OpenAI-compatible) are available out of the box.\n\n**macOS / Linux:**\n\n```\ncp .env.example .env          # then edit .env to add your credential (see below)\n```\n\n**Windows (PowerShell):**\n\n```\nCopy-Item .env.example .env   # then edit .env\n```\n\n`vvaharness` loads a `.env` automatically — it is searched for starting in the\nworking directory and walking up the parent directories — so no manual `source`\nstep is needed. (Variables you export yourself still take precedence.)\n\nWhich credential you need depends on the backend each role uses:\n\n- `via: cli` (the default profile) — use a Claude Code session instead of an API key: run `claude` then `/login`, or set `CLAUDE_CODE_OAUTH_TOKEN` (from `claude setup-token`).\n- `via: sdk` — set `ANTHROPIC_SDK_API_KEY`. Behind a private gateway, also set `ANTHROPIC_SDK_BASE_URL` (plus `ANTHROPIC_SDK_CA_CERT` / `ANTHROPIC_SDK_CLIENT_CERT` for mTLS).\n- `via: openai` — set `OPENAI_API_KEY` (and `OPENAI_BASE_URL` for an OpenAI-compatible endpoint).\n\nThe default profile (`vvaharness/config/profiles/default.yaml`) runs every stage\nthrough the `claude` CLI on `claude-sonnet-4-6` — your Claude Code login is\nenough, no SDK key required. (`cli.yaml` is the same layout with `Bash` added to\nthe agentic stages.) 
To use the multi-backend layout (Claude CLI + Anthropic SDK + OpenAI roles), copy\n`vvaharness/config/profiles/full.yaml` to `./config.yaml` and edit it.\n\nFor a step-by-step walkthrough — picking a profile, config resolution order,\nsecrets in `.env`, and copy-then-edit customisation — see\n**docs/configuration.md → Setting up your config**.\n\n| You are… | What you need | Profile |\n|---|---|---|\n| Public / subscription user (most people) | Claude Code (`claude login`) for the default; or an Anthropic API key `ANTHROPIC_SDK_API_KEY=sk-ant-…` if you prefer `via: sdk` roles | `default` / `cli` (login) or `full` (key) — nothing else: no gateway, no CA cert, no extra flags |\n| Enterprise behind a private AI gateway | also set `ANTHROPIC_BASE_URL`, plus `NODE_EXTRA_CA_CERTS` (private CA) and `CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1` if the gateway needs them | `default` / `cli` or `full` — see |\n\nRun **`vvaharness setup`** either way — it tells you exactly what (if anything)\nis missing for *your* situation. A gateway token is only flagged when you actually have one.\n\nSee **docs/USER_GUIDE.md** for all commands and options and\n[docs/SETUP_GUIDE.md](/visa/visa-vulnerability-agentic-harness/blob/main/docs/SETUP_GUIDE.md) for detailed install/configuration.\n\n```\nvvaharness doctor                                   # check credentials/backends\nvvaharness estimate --repo /path/to/target          # rough scope/cost, no spend\nvvaharness scan --repo /path/to/target --application-id 12345\n```\n\nBatch (clone + scan, one report per AppId):\n\n```\nvvaharness scan --repo-file repos.csv --workspace ./scans --group-by-app --keep-clones\n```\n\nA `scan` run writes `run_manifest.json` (tool version, model roles, config hash,\ntarget git SHA, timing) into the working directory. 
(`doctor` and `estimate` do no scan and write no manifest.)\n\nSo an AI agent *runs* the tool (instead of editing its source to make it work):\n\n```\nvvaharness setup --install-agents\n```\n\nThis detects your installed agent(s) and drops the operating instructions where\neach one reads them — `AGENTS.md` (cross-tool), `.github/copilot-instructions.md` (Copilot), `CLAUDE.md` + a Claude skill in `~/.claude/skills/` (Claude Code),\n`GEMINI.md` (Gemini CLI). Existing files are left untouched. See\n[AGENTS.md](/visa/visa-vulnerability-agentic-harness/blob/main/AGENTS.md) for the operating rules and [docs/SKILLS.md](/visa/visa-vulnerability-agentic-harness/blob/main/docs/SKILLS.md)\nfor the analysis capabilities.\n\nPer target, under `<target>/security-scan/`:\n\n- `<module>_<ts>_report.md` — findings + dropped-findings appendix\n- `<module>_<ts>_report.sarif` — SARIF 2.1.0\n- `<module>_<ts>_errors.jsonl` — non-fatal errors\n\n- **LLM-generated, non-deterministic.** Findings are triage candidates, not confirmed vulnerabilities — human review is required. Two runs may differ. Majority-vote FP filtering runs on the `sdk` and `openai` backends; the `cli` backend (no temperature control) always runs single-pass, as do SDK/OpenAI models that reject `temperature` (e.g. Opus 4.7+).\n- **Token-hungry.** Caps are per-stage / per-finding, not global. 
Use `vvaharness estimate` and the `step*.max_budget_usd` knobs.\n- **No published accuracy numbers yet.** Precision/recall figures are not yet published.\n- **Elevated Privilege.** This tool runs with elevated privilege and must only be used against trusted repositories by authorized operators; running it against untrusted input without the recommended hardening controls may expose host credentials, API keys, and sensitive files to exfiltration or pipeline bypass.\n\nSee `docs/` for configuration, models, pipeline, and output details.\n\nReport vulnerabilities responsibly — see [SECURITY.md](/visa/visa-vulnerability-agentic-harness/blob/main/SECURITY.md). Please do\nnot open security issues in a public tracker.\n\nLicensed under the **Apache License, Version 2.0** — see [LICENSE](/visa/visa-vulnerability-agentic-harness/blob/main/LICENSE) and\n[NOTICE](/visa/visa-vulnerability-agentic-harness/blob/main/NOTICE). Copyright 2026 Visa, Inc.\n\nThird-party dependencies are installed from PyPI at install time (not bundled\nin this repository); their licenses are inventoried in\n[THIRD_PARTY_LICENSES.md](/visa/visa-vulnerability-agentic-harness/blob/main/THIRD_PARTY_LICENSES.md).\n\nSee [CHANGELOG.md](/visa/visa-vulnerability-agentic-harness/blob/main/CHANGELOG.md) for release history.", "url": "https://wpnews.pro/news/visa-vulnerability-agentic-harness-built-with-mythos", "canonical_source": "https://github.com/visa/visa-vulnerability-agentic-harness", "published_at": "2026-06-13 21:43:18+00:00", "updated_at": "2026-06-13 22:22:53.817497+00:00", "lang": "en", "topics": ["ai-agents", "ai-tools", "ai-research", "developer-tools", "ai-safety"], "entities": ["Visa", "VVAH", "Anthropic", "OpenAI", "Project Glasswing", "Claude", "SARIF"], "alternates": {"html": "https://wpnews.pro/news/visa-vulnerability-agentic-harness-built-with-mythos", "markdown": "https://wpnews.pro/news/visa-vulnerability-agentic-harness-built-with-mythos.md", "text": 
"https://wpnews.pro/news/visa-vulnerability-agentic-harness-built-with-mythos.txt", "jsonld": "https://wpnews.pro/news/visa-vulnerability-agentic-harness-built-with-mythos.jsonld"}}