Anthropic has published an open-source reference implementation for autonomous vulnerability discovery and remediation, leveraging its Claude language models. The repository encapsulates operational learnings from recent enterprise security partnerships and provides a modular framework for threat modeling, scanning, triage, and automated patch generation. The harness operates as a seven-stage autonomous workflow for C and C++ memory vulnerabilities. Reconnaissance partitions source code to enable parallel agents that craft malformed inputs and trigger crashes. Verified exploits undergo deduplication and generate structured exploitability reports. A patching module validates fixes against original proof-of-concept inputs and test suites. All autonomous execution occurs within gVisor containers with egress restricted to the Claude API. Anthropic recommends a phased adoption strategy. Phase one establishes baseline findings through manual threat modeling and static scanning. Phase two executes an autonomous cycle against a known-vulnerable library. Subsequent weeks focus on customization, adapting the pipeline for alternative languages by redefining crash signatures and build environments. Phase four integrates continuous autonomous scanning with cross-run triage and prioritization loops. Security remains central to the architecture. Interactive tools restrict operations to read-and-write repository actions and require manual approval outside sandboxes. The autonomous pipeline mandates strict container isolation to prevent unintended system access. Anthropic notes that while verification and deduplication are automated, final prioritization and patch acceptance require engineering oversight. For fully managed needs, Anthropic offers Claude Security, which automates the scanning and remediation lifecycle. Teams should prioritize high-exposure repositories and dependencies before investing in bespoke infrastructure. The repository remains unmaintained and serves strictly as a foundational template. Organizations are advised to embed validated scanning into continuous integration workflows. The release underscores a shift toward AI-augmented security operations, positioning language models as scalable vulnerability tools while retaining human oversight for remediation.