Back to section
Bezpečnosť ⭐ Notable

Capital One releases VulnHunter — open-source agentic AI security tool for finding software vulnerabilities

Sobota 18. júla 2026 Source: VentureBeat

What happened

Capital One released VulnHunter as an open-source tool under the Apache 2.0 license. The tool is available on GitHub and runs on Anthropic's Claude Opus 4.8 model inside a Claude Code environment. VentureBeat covered VulnHunter on July 17, 2026.

Context and impact

VulnHunter represents a shift from traditional SAST tools that look for vulnerability patterns to agentic systems that simulate attacker behavior. The key innovation is a Falsification Engine — after every finding, the tool actively searches for reasons the finding doesn't hold, reducing false positives. Capital One sees it as a template for internal AI security tooling.

Details

  • License: Apache 2.0, available at github.com/capitalone/VulnHunter
  • Model: Anthropic Claude Opus 4.8 inside Claude Code environment
  • Three innovations: Falsification Engine, Attacker-First Forward Analysis, Evidence-Backed Remediation
  • Entry points analyzed: API endpoints, network messages, file uploads
  • Generates targeted code fixes for engineer review
Open original source VentureBeat