AIToday

Capital One Open-Sources VulnHunter, AI Security Tool That Simulates Attacker Moves

Hacker News8h ago
Capital One Open-Sources VulnHunter, AI Security Tool That Simulates Attacker Moves

Key takeaway

Capital One has open-sourced VulnHunter, an AI-powered code security scanner that reasons like an attacker to identify exploitable vulnerabilities rather than merely flagging suspicious patterns. Built for Claude Opus, it combines a vulnerability hunter, automated fixer, and independent verifier into a single remediation loop, aimed at cutting false positives and delivering actionable security fixes with evidence of the attack path.

Summaries like this, in your inbox every morning.

Sign up free →

3 Key Points

  • What happened

    Capital One released VulnHunter, an open-source AI security tool built for Claude Opus that analyzes source code by simulating an attacker's perspective rather than flagging suspicious patterns. It works through three composable skills—a vulnerability scanner (/vulnhunt), a fixer (/vulnhunter-fix), and a verification agent (/vulnhunt-fix-verify)—that form an automated remediation loop.

  • Why it matters

    Traditional security scanners often produce false positives by flagging risky code patterns without confirming actual exploitability. VulnHunter's "falsification engine" discards findings that rely on unsupported assumptions, meaning teams receive only high-priority, actionable defects with evidence-backed fixes. Given that a single vulnerability in a widely-used open-source component can affect thousands of enterprises simultaneously, this approach could reduce noise and accelerate patching.

  • What to watch

    VulnHunter requires Claude Opus and Claude Code access; users scanning Anthropic platforms must enroll in the Cyber Verification Program to avoid triggering safeguards. The suite includes batch-scanning and benchmarking tools (harness/) for developers testing accuracy across multiple repositories, and a headless runtime agent for CI/CD integration.

In Depth

Capital One has released VulnHunter as an open-source, agentic AI security tool designed to apply proactive, attacker-first analysis directly to source code. Unlike traditional SAST (Static Application Security Testing) scanners that flag suspicious patterns and often generate false positives, VulnHunter reasons like an adversary, identifying which defects are actually exploitable, mapping prospective attack paths, and proposing targeted, evidence-backed fixes. The tool was developed internally at Capital One and is now released to the community because modern software supply chains are deeply interconnected, and a single vulnerability in a widely-used open-source component can ripple across thousands of enterprises simultaneously.

VulnHunter operates through three composable Claude Code skills that form a complete, automated remediation loop. The /vulnhunt skill performs the core hunt phase, mapping entry points to dangerous sinks and filtering findings through a multi-stage falsification pipeline (Recon → Parallel Hunt → Adversarial Disprove → Capability Filter), emitting only verified issues with an executable exploit and a proposed fix. The /vulnhunter-fix skill handles developer-led, test-driven remediation: it writes an exploit demo, creates a failing security test (RED), implements the code fix (GREEN), and verifies the exploit is blocked without regressions before cutting a reviewable pull request. The /vulnhunt-fix-verify skill serves as a completely separate, read-only agent that independently validates whether a finding was successfully remediated, providing a per-finding verdict so fixes are proven rather than taken on faith. For running this loop unattended at scale, vulnhunter-agent/ wraps the scanner in a headless runtime, while harness/ provides developer tooling to drive batch scans across multiple repositories.

The key differentiator is VulnHunter's "falsification engine." Conventional tools use "sink-first" analysis, looking at potentially dangerous code patterns and searching backward for a hypothetical attacker, which floods teams with false positives. VulnHunter flips the model to simulate a bad actor's exact journey, beginning at potential attacker-accessible entry points (APIs, network messages, file uploads) and reasoning forward to evaluate whether an attacker can truly break through. After finding a potential vulnerability, VulnHunter runs a structured reasoning workflow specifically designed to disprove its own argument, searching for flawed assumptions, logic gaps, or security controls that would block the attack. It is designed to immediately discard findings that rely on unsupported assumptions, ensuring that what reaches the developer is a high-priority, actionable defect backed by evidence of the attack path, the structural flaw, the specific capabilities an attacker would gain, and focused, targeted code changes for review.

VulnHunter is built and optimized for Claude Opus running in Claude Code. The framework depends on deep, multi-step reasoning and requires frontier Opus-class models; users must supply their own model access. Installation involves cloning the repository, running an install script that copies skills into ~/.claude/skills/, and ensuring Python 3.12+ is available for the optional runtime agent and benchmarking harness. A critical responsibility check is required: users must ensure they are only scanning code bases they are explicitly authorized to analyze. Users scanning Anthropic's first-party platforms (Claude API or Claude Code) should enroll in Anthropic's Cyber Verification Program to avoid triggering real-time cyber safeguards that may block requests and flag usage for cyber abuse. The tool is distributed under the Apache License, Version 2.0, and the developers note that while VulnHunter was precision-tuned for Claude Opus, its underlying orchestration patterns can be adapted to other advanced foundation models.

Context & Analysis

VulnHunter addresses a structural problem in modern software security: the interconnectedness of open-source components means a single unpatched vulnerability can ripple across thousands of enterprises. Capital One's decision to open-source the tool reflects the recognition that no single organization can solve the challenge alone—the vulnerability landscape is too broad and the supply chain too distributed. The tool's core innovation is its reasoning model: rather than pattern-matching against known dangerous code structures (which floods teams with false positives), it simulates an actual attacker's journey through a codebase, evaluating whether each potential vulnerability is truly exploitable given the specific context and controls in place. This distinction between "flagging a pattern" and "proving exploitability" is what the tool calls its falsification engine. The architecture of three separate, composable skills—scanner, fixer, and independent verifier—creates an automated feedback loop that not only discovers vulnerabilities but also proposes, tests, and validates fixes, potentially reducing the manual burden on security teams. The requirement for Claude Opus reflects the tool's dependence on frontier-class reasoning capabilities; the developers explicitly note that the low false-positive discipline relies heavily on advanced foundation-model reasoning.

FAQ

How does VulnHunter differ from traditional security scanners?
Traditional scanners use "sink-first" analysis, searching backward from dangerous code patterns and often producing false positives. VulnHunter flips the approach: it starts at attacker-accessible entry points (APIs, network messages, file uploads) and reasons forward to evaluate whether an attacker can actually exploit the vulnerability. It then runs a falsification engine to discard findings that rely on unsupported assumptions.
What are the system requirements to run VulnHunter?
Users need Claude Code CLI authenticated with access to Claude Opus, and Python 3.12+ for optional runtime agent and benchmarking tools. When scanning Anthropic platforms (Claude API or Claude Code), enrollment in Anthropic's Cyber Verification Program is strongly recommended to avoid safeguard blocks.
What does the remediation loop accomplish?
The three-skill loop (Hunt → Fix → Verify) maps vulnerabilities to dangerous sinks, generates and tests code fixes with a failing security test before and passing test after, and then independently validates that each finding was remediated without regressions.

Get the latest Large Language Models news every morning

AI-summarized, only the topics you pick — one digest a day via Email, Slack, or Discord.

Free · takes 30 seconds · unsubscribe anytime

Discussion

No comments yet. Be the first to share your thoughts!

Log in to join the discussion

Related Articles

Stay ahead with AI news

Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.

Get Started Free

Free · takes 30 seconds · unsubscribe anytime

1 minute a day. The AI essentials.

200+ sources · Email / LINE / Slack

Get it free →