VulnHunter: Agentic AI Security Tool Capital One released VulnHunter, an open-source agentic AI security tool that simulates attacker behavior to find exploitable vulnerabilities in source code. The tool uses Claude Opus to perform forward analysis from entry points, falsify its own findings, and generate evidence-backed fixes, aiming to reduce false positives common in traditional SAST scanners. From pattern-matching to provability. VulnHunter is an open-source, agentic AI security tool that applies proactive, attacker-first analysis directly to source code. Unlike traditional, passive SAST scanners that flag suspicious patterns and often cause false positives, VulnHunter reasons like an adversary. It identifies which defects are actually exploitable, maps prospective attack paths, and proposes targeted, evidence-backed fixes. Modern software supply chains are deeply interconnected. A single vulnerability in a widely-used open-source component can ripple across thousands of enterprises simultaneously. Developed internally at Capital One, VulnHunter is released to the community because no single organization can solve this challenge alone. Warning Cyber-safeguard disclaimer VulnHunter performs dual-use cybersecurity work vulnerability discovery and exploitation . If you run it against an Anthropic account that is not enrolled in Anthropic's Cyber Verification Program https://support.claude.com/en/articles/14604842-real-time-cyber-safeguards-on-claude , real-time cyber safeguards may block requests and your usage may be flagged for cyber abuse. If you intend to use VulnHunter on Anthropic's first-party platforms Claude API / Claude Code , we strongly recommend enrolling first via the verification portal https://portal.anthropic.com/programs/cvp . Important Prerequisites & Model Requirements Built and optimized for Claude Opus running in Claude Code . The framework depends on deep, multi-step reasoning and requires frontier Opus-class models. You supply your own model access. Attacker-First Forward Analysis: Conventional tools often leverage "sink-first" analysis, looking at potentially dangerous code patterns to search backward for a hypothetical attacker, flooding teams with false positives. VulnHunter flips this model to simulate a bad actor's exact journey. It begins at potential attacker-accessible entry points APIs, network messages, file uploads and reasons forward to evaluate whether an attacker can truly break through. Falsification Engine: After finding a potential vulnerability, VulnHunter runs a structured reasoning workflow specifically designed to disprove its own argument. It searches for flawed assumptions, logic gaps, or security controls that would block the attack. It is designed to immediately discard findings that rely on unsupported assumptions. What reaches you is a high-priority, actionable defect. Evidence-Backed Remediation: When a defect survives the falsification engine, VulnHunter maps the exact exploit path, explains the structural flaw, details the specific capabilities or access an attacker would gain, and generates focused, targeted code changes for review. VulnHunter ships as three composable Claude Code https://docs.claude.com/en/docs/claude-code skills that form a complete, automated remediation loop: | Skill | Phase | Core Responsibility | |---|---|---| /vulnhunt | Hunt | Maps entry points to dangerous sinks. Filters findings through a multi-stage falsification pipeline Recon → Parallel Hunt → Adversarial Disprove → Capability Filter . Emits only verified issues with an executable exploit and a proposed fix. | /vulnhunter-fix | Fix | Developer-led, test-driven remediation. It writes an exploit demo, creates a failing security test RED , implements the code fix GREEN , verifies the exploit is blocked without regressions, and cuts a reviewable PR. | /vulnhunt-fix-verify | Verify | A completely separate, read-only agent that independently validates whether a finding was successfully remediated. It emits a per-finding verdict so fixes are proven, not taken on faith. | Note:For running this loop unattended at scale, vulnhunter-agent/ wraps the scanner in a headless runtime, while harness/ drives it across multiple repositories in batch. On the naming:the suite isVulnHunter, but the core scanner command is /vulnhunt and the verifier /vulnhunt-fix-verify — the shorter form is intentional, not a typo. The /vulnhunter-fix remediation skill and the vulnhunter-agent/ runtime keep the full spelling. Each component is organized into a self-contained subtree: | Path | Description | |---|---| vulnhunt/ | The core /vulnhunt scanner skill Prompt-only: SKILL.md + phases . See vulnhunt/README.md | vulnhunter-fix/ | The /vulnhunter-fix skill, its companion Python helper package, and tests. See vulnhunter-fix/README.md | vulnhunt-fix-verify/ | The /vulnhunt-fix-verify standalone verification skill Prompt-only . See vulnhunt-fix-verify/README.md | vulnhunter-agent/ | Config-driven headless runtime wrapper that runs scans and files GitHub issues. See vulnhunter-agent/README.md | harness/ . /capitalone/VulnHunter/blob/main/harness/README.md harness/README.md Claude Code CLI https://docs.claude.com/en/docs/claude-code , authenticated with access to Claude Opus .- Python 3.12+ Required only for the runtime agent and the benchmarking harness . Responsibility Check: Ensure you are only scanning code bases you are explicitly authorized to analyze. Clone the repository git clone https://github.com/capitalone/vulnhunter.git cd vulnhunter Copy skills into ~/.claude/skills/ ./install.sh Optional To clean up or remove installed skills ./uninstall.sh Note install.sh copies files directly rather than symlinking because symlinks can break find / glob functionality inside subagents. Re-run ./install.sh after pulling updates to refresh your local environment. claude --model opus --add-dir ~/.claude/skills/vulnhunt --add-dir ~/.claude/skills/vulnhunt/phases Inside the Claude Code session, invoke: /vulnhunt The fixer requires git , the GitHub CLI gh authenticated to your target repositories, and its Python helpers installed pip install -e ". dev " inside the vulnhunter-fix/ directory . claude --model opus --add-dir ~/.claude/skills/vulnhunter-fix Inside the Claude Code session, invoke: /vulnhunter-fix See vulnhunter-fix/README.md for advanced operational modes and configuration settings.The verifier runs strictly read-only over trusted roots under a tight tool envelope Read/Write/Edit/Glob/Grep/Agent— no Bash execution, no network access . The caller must pre-create the output out directory. claude --model opus --add-dir ~/.claude/skills/vulnhunt-fix-verify \ --add-dir ~/.claude/skills/vulnhunt-fix-verify/phases Inside the Claude Code session, invoke: /vulnhunt-fix-verify repo=