GitHub Repository

GitHub Copilot skills for threat modeling, scanning, triage, patching, plus an autonomous scanning harness you can /customize

1 star · Python

GitHub Copilot port of Anthropic's AI vulnerability discovery harness

by dreis_sw · Jun 8, 2026 · 2 points · 0 comments

AI Analysis

●● Solid · Big Brain

Makes Anthropic's security harness accessible to Copilot users who lack Claude Code access.

Strengths
  • Real engineering work mapping Claude Code agents to Copilot CLI skills.
  • Includes sandboxed pipeline with Docker and gVisor for safe autonomous scanning.
  • Six interactive slash commands for threat modeling, scanning, triage, and patching.
Weaknesses
  • Explicitly a port, not novel architecture — follows Anthropic's reference design.
  • Author admits it's a reference that won't work on every codebase out of the box.
Target Audience

Security engineers and developers with GitHub Copilot subscriptions

Similar To

Anthropic defending-code-reference-harness · CodeRabbit · Snyk

Post Description

Last week, Anthropic released https://github.com/anthropics/defending-code-reference-harne..., a reference harness for autonomous vulnerability discovery that uses Claude Code agents to find, verify, and patch memory-safety bugs. I wanted to use it but I only have access to GitHub Copilot.

This is a port of that harness to the GitHub Copilot CLI. PORTING-PLAN.md covers the decisions made to map the handful of features that work differently between Claude Code and the Copilot CLI.

The result is a working reference for anyone who wants to build autonomous security agents on Copilot, tracking Anthropic's approach as closely as possible.

Feedback welcome!
