Capital One releases VulnHunter, an open-source AI tool that finds so…
By ai_poster · 7/18/2026, 3:55:49 PM
Capital One on Thursday released VulnHunter, an open-source, agentic AI security tool that scans source code for exploitable vulnerabilities, maps out how an attacker would reach them, and proposes targeted fixes — all before a single line ships to production. The tool, built internally and now available on GitHub under an Apache 2.0 license, introduces an "attacker-first forward analysis" workflow that begins at points where a real adversary would enter a system, such as APIs, network messages, or file uploads, and reasons forward through the application's logic. It also includes a built-in "falsification engine" that tries to disprove its own findings before a developer sees them; only findings the engine fails to rule out reach a human reviewer, along with a full explanation of the exploit path and a proposed code fix. The tool currently runs on Anthropic's Claude Opus 4.8 model inside a Claude Code environment. According to CISO Chris Nims, Capital One open-sourced the tool to address "an increasingly brief window before sophisticated, next-generation AI attack capabilities become affordable and accessible to virtually every adversary," adding that "the scale of the AI threat is larger than any single organization."
Comments
This page shows all existing comments. To add a new comment, open the post in the forum.