Announcing Claude Managed Agents on Cloudflare

Build your own vulnerability harness

The authors of this blog post developed a model-agnostic vulnerability harness to scan enterprise codebases for security vulnerabilities. They built on their initial findings from Project Glasswing and created a continuous, fleet-wide scanning pipeline that uses interchangeable AI models to cross-check vulnerabilities. This approach allows for more comprehensive security coverage and avoids relying on a single model. Key components of the vulnerability harness include state control management, false positive elimination, and end-to-end triage at scale. The authors emphasize the importance of persistence, deduplication, resumability, and fleet-wide dependency tracing in a security analysis. To build a similar system, the authors recommend starting with a basic skill, getting prompts working well, and gradually adding more architectural stages as needed. They also suggest focusing on language-agnostic syntax and leveraging models to scale across multiple codebases.