Anthropic releases open-source AI framework for vulnerability discovery

Anthropic has open‑sourced a framework that lets engineers tap large language models to automatically spot software vulnerabilities [GitHub]. The repository, released on June 4 2026, includes a reference harness, model prompts, and integration scripts for common CI/CD tools [GitHub].

What shipped

The codebase provides a Python library that sends source files to an LLM, receives structured findings, and formats them as SARIF reports. Pre‑built Docker images bundle the model and runtime, enabling teams to run scans without provisioning GPU hardware. A CLI wrapper can be dropped into existing build pipelines, making adoption straightforward.

Why it matters

Automated discovery cuts the time security engineers spend on manual code review, letting them focus on remediation. Because the project is open‑source, organizations can audit the prompts and extend the model’s knowledge base to cover proprietary libraries. Built‑in CI integration means vulnerabilities surface early, before code reaches production.

The release marks a shift toward AI‑augmented security tooling and gives smaller teams access to capabilities that previously required expensive commercial solutions.