cd /news/ai-tools/vulnhunter-agentic-ai-security-tool · home topics ai-tools article
[ARTICLE · art-62981] src=github.com ↗ pub= topic=ai-tools verified=true sentiment=· neutral

VulnHunter: Agentic AI Security Tool

Capital One released VulnHunter, an open-source agentic AI security tool that simulates attacker behavior to find exploitable vulnerabilities in source code. The tool uses Claude Opus to perform forward analysis from entry points, falsify its own findings, and generate evidence-backed fixes, aiming to reduce false positives common in traditional SAST scanners.

read6 min views1 publishedJul 17, 2026
VulnHunter: Agentic AI Security Tool
Image: source

From pattern-matching to provability.

VulnHunter is an open-source, agentic AI security tool that applies proactive, attacker-first analysis directly to source code.

Unlike traditional, passive SAST scanners that flag suspicious patterns and often cause false positives, VulnHunter reasons like an adversary. It identifies which defects are actually exploitable, maps prospective attack paths, and proposes targeted, evidence-backed fixes.

Modern software supply chains are deeply interconnected. A single vulnerability in a widely-used open-source component can ripple across thousands of enterprises simultaneously.

Developed internally at Capital One, VulnHunter is released to the community because no single organization can solve this challenge alone.

Warning

Cyber-safeguard disclaimer VulnHunter performs dual-use cybersecurity work (vulnerability discovery and exploitation). If you run it against an Anthropic account that is not enrolled in Anthropic's Cyber Verification Program, real-time cyber safeguards may block requests and your usage may be flagged for cyber abuse. If you intend to use VulnHunter on Anthropic's first-party platforms (Claude API / Claude Code), we strongly recommend enrolling first via the verification portal.

Important

Prerequisites & Model Requirements Built and optimized for Claude Opus running in ** Claude Code**. The framework depends on deep, multi-step reasoning and requires frontier Opus-class models.

You supply your own model access.

Attacker-First Forward Analysis: Conventional tools often leverage "sink-first" analysis, looking at potentially dangerous code patterns to search backward for a hypothetical attacker, flooding teams with false positives. VulnHunter flips this model to simulate a bad actor's exact journey. It begins at potential attacker-accessible entry points (APIs, network messages, file uploads) and reasonsforwardto evaluate whether an attacker can truly break through.Falsification Engine: After finding a potential vulnerability, VulnHunter runs a structured reasoning workflow specifically designed todisproveits own argument. It searches for flawed assumptions, logic gaps, or security controls that would block the attack. It is designed to immediately discard findings that rely on unsupported assumptions. What reaches you is a high-priority, actionable defect.Evidence-Backed Remediation: When a defect survives the falsification engine, VulnHunter maps the exact exploit path, explains the structural flaw, details the specific capabilities or access an attacker would gain, and generates focused, targeted code changes for review.

VulnHunter ships as three composable Claude Code skills that form a complete, automated remediation loop:

Skill Phase Core Responsibility
/vulnhunt
Hunt
Maps entry points to dangerous sinks. Filters findings through a multi-stage falsification pipeline (Recon → Parallel Hunt → Adversarial Disprove → Capability Filter). Emits only verified issues with an executable exploit and a proposed fix.
/vulnhunter-fix
Fix
Developer-led, test-driven remediation. It writes an exploit demo, creates a failing security test (RED), implements the code fix (GREEN), verifies the exploit is blocked without regressions, and cuts a reviewable PR.
/vulnhunt-fix-verify
Verify
A completely separate, read-only agent that independently validates whether a finding was successfully remediated. It emits a per-finding verdict so fixes are proven, not taken on faith.

Note:For running this loop unattended at scale,vulnhunter-agent/

wraps the scanner in a headless runtime, whileharness/

drives it across multiple repositories in batch.

On the naming:the suite isVulnHunter, but the core scanner command is/vulnhunt

(and the verifier/vulnhunt-fix-verify

) — the shorter form is intentional, not a typo. The/vulnhunter-fix

remediation skill and thevulnhunter-agent/

runtime keep the full spelling.

Each component is organized into a self-contained subtree:

Path Description
vulnhunt/
The core /vulnhunt scanner skill (Prompt-only: SKILL.md + phases). See
vulnhunt/README.md
vulnhunter-fix/
The /vulnhunter-fix skill, its companion Python helper package, and tests. See
vulnhunter-fix/README.md
vulnhunt-fix-verify/
The /vulnhunt-fix-verify standalone verification skill (Prompt-only). See
vulnhunt-fix-verify/README.md
vulnhunter-agent/
Config-driven headless runtime wrapper that runs scans and files GitHub issues. See
vulnhunter-agent/README.md

harness/

.harness/README.md

Claude Code CLI, authenticated with access toClaude Opus.- Python 3.12+ (Required only for the runtime agent and the benchmarking harness). *Responsibility Check:*Ensure you are only scanning code bases you are explicitly authorized to analyze.

git clone https://github.com/capitalone/vulnhunter.git
cd vulnhunter

./install.sh      

Note

install.sh

copies files directly (rather than symlinking) because symlinks can break find

/glob

functionality inside subagents. Re-run ./install.sh

after pulling updates to refresh your local environment.

claude --model opus --add-dir ~/.claude/skills/vulnhunt --add-dir ~/.claude/skills/vulnhunt/phases

/vulnhunt

The fixer requires git

, the GitHub CLI (gh

) authenticated to your target repositories, and its Python helpers installed (pip install -e ".[dev]"

inside the vulnhunter-fix/

directory).

claude --model opus --add-dir ~/.claude/skills/vulnhunter-fix

/vulnhunter-fix

*See *

vulnhunter-fix/README.md

for advanced operational modes and configuration settings.The verifier runs strictly read-only over trusted roots under a tight tool envelope (Read/Write/Edit/Glob/Grep/Agent—no Bash execution, no network access). The caller must pre-create the output (out

) directory.

claude --model opus --add-dir ~/.claude/skills/vulnhunt-fix-verify \
       --add-dir ~/.claude/skills/vulnhunt-fix-verify/phases

/vulnhunt-fix-verify repo=<abs_path> report=<abs_path> fixed=VULN-001,... out=<abs_path> [comments=<abs_path>] [additional_repos=<path1>,<path2>]

For non-interactive or CI/CD pipelines, vulnhunter-agent/

wraps the scanner into a headless workflow. It clones targets, executes /vulnhunt

, publishes results, and opens GitHub issues for confirmed bugs. It connects natively via the direct Anthropic API.

Review the vulnhunter-agent/README.md for deployment blueprints.

The harness/

directory provides workstation-scale developer tooling. To initialize, run cd harness && pip install -e ".[dev]"

.

Manage your target list in harness/local_harness/batch/REPO_LIST.txt

(one GitHub URL per line, lines starting with #

are ignored):

cd harness
python -m local_harness.batch.run scan                  # Clone and scan every repo in the list
python -m local_harness.batch.run scan --resume         # Skip repositories already processed
python -m local_harness.batch.run status                # Monitor progress across your batch
python -m local_harness.batch.run collect               # Gather all findings for centralized review

Evaluate scanner accuracy against a known-vulnerable vulnerability corpus (Clone → Scan → LLM-Judge → Tally Metrics):

python -m local_harness.benchmark.run                  # Execute full benchmark run
python -m local_harness.benchmark.run --repos "name"   # Benchmark a single target repository
python -m local_harness.benchmark.run --tally-only      # Re-generate the analytical report only

Bring Your Own Corpus:This repository ships with a minimal synthetic example (harness/local_harness/benchmark/ground_truth/EXAMPLE.json

) mapped to public targets like OWASP NodeGoat, Juice Shop, and WebGoat. Build out your own testing suites insideground_truth/<repo>.json

. Define your target scanning/judging engines inharness/local_harness/config.py

.

Each Python component maintains its own isolated testing suite. Run them using pytest

:

cd harness          && pip install -e ".[dev]" && python -m pytest tests/ --cov=local_harness
cd vulnhunter-fix   && pip install -e ".[dev]" && python -m pytest -q
cd vulnhunter-agent && pip install -e ".[dev]" && python -m pytest -q

A Note on Models: VulnHunter was precision-tuned forClaude Opus andClaude Code. Its low false-positive discipline relies heavily on frontier-class reasoning, though the underlying orchestration patterns can be adapted to other advanced foundation models.Contributing: SeeCONTRIBUTING.mdto propose core framework improvements, prompt updates, or wider model support configurations.Security: ReviewSECURITY.mdfor instructions on how to safely report security vulnerabilities found within VulnHunter itself.License: Distributed under the terms of the Apache License, Version 2.0. SeeLICENSEfor details.

── more in #ai-tools 4 stories · sorted by recency
── more on @capital one 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/vulnhunter-agentic-a…] indexed:0 read:6min 2026-07-17 ·