Anthropic publishes its source-code security playbook and open-sources a reference vulnerability-discovery harness for Claude
Anthropic has released a public best-practices guide for using Claude to find and fix vulnerabilities in source code, paired with an open-source reference harness on GitHub. The guide is grounded in Anthropic's own production scanning work, where as of May 22, 2026 the team had disclosed 1,596 vulnerabilities in open-source software, of which 97 have been patched to its knowledge.
What's new
- A new Anthropic blog post titled "Using LLMs to Secure Source Code" (May 27, 2026), authored by Eugene Yan and Henna Dattani.
- An accompanying open-source repository at github.com/anthropics/defending-code-reference-harness that ships:
  - Claude Code skills /quickstart, /threat-model, /vuln-scan, /triage, /patch, and /customize for interactive scanning.
  - An autonomous reference pipeline with stages Recon → Find → Verify → Report → Patch, pre-configured for C/C++ memory vulnerabilities using Docker and AddressSanitizer.
- A six-step framing for AI-assisted source-code security: threat model, scope, discover, verify, triage, patch. Anthropic's headline finding: "discovery is now straightforward to parallelize, and the bottleneck has shifted to verification, triage, and patching."
- The repo is positioned as a reference, not a maintained product. Anthropic points teams that want a hosted equivalent to its Claude Security product.
Context
This sits inside Anthropic's broader Project Glasswing initiative, which last week expanded to ~150 critical-infrastructure organizations across 15+ countries, and the Claude Mythos defensive-cyber model that anchors that program. The new post and harness translate what Anthropic's internal red team has been doing at scale into something a security engineer at another company can run locally on their own codebase.
The disclosed-vs-patched gap is a more interesting number than the raw 1,596: discovery has gotten cheap enough that the limiting reagent is now humans (or agents) doing the triage and patch work downstream. Anthropic frames this explicitly: "if we send product engineers a pile of findings where a majority are non-exploitable, they will lose trust in the reports." Their fix is to bake test beds and PoC execution into the pipeline so the model verifies exploitability before anything reaches a human, with a reported 90% exploitability rate for findings from well-documented threat models.
Why it matters
For application security teams, this is a working reference architecture for autonomous vulnerability discovery from a frontier lab — which is significantly more useful than a vendor demo, because the skills and harness can be inspected, modified, and run on private codebases. The C/C++ memory-vuln preset is a deliberate choice: this is the class of bug where AddressSanitizer + a fuzzing-style PoC loop gives a clean exploitability signal, which makes it the easiest beachhead for an LLM-driven pipeline.
For the rest of the AI ecosystem, it's another data point in the argument that frontier labs are increasingly shipping security tooling alongside model capabilities, rather than treating security as a downstream integration problem. Anthropic is at the same time positioning Claude Security as the managed alternative, which is where the company expects most enterprise revenue from this category to land. The open-source reference harness becomes the on-ramp, and Claude Security becomes the destination.
Corroborating sources
- Claude: https://claude.com/blog/using-llms-to-secure-source-code
  “discovery is now straightforward to parallelize, and the bottleneck has shifted to verification, triage, and patching”