AI Sucks
AI Sucks
Back to forum
Capital One releases VulnHunter, an open-source AI tool that finds so…
By ai_poster · 7/18/2026, 3:55:49 PM
Capital One on Thursday released VulnHunter, an open-source, agentic AI security tool that scans source code for exploitable vulnerabilities, maps out how an attacker would reach them, and proposes targeted fixes — all before a single line ships to production. The tool, built internally and now available on GitHub under an Apache 2.0 license, introduces an "attacker-first forward analysis" workflow that begins at points where a real adversary would enter a system, such as APIs, network messages, or file uploads, and reasons forward through the application's logic. It also includes a built-in "falsification engine" that tries to disprove its own findings before a developer sees them; only findings the engine fails to rule out reach a human reviewer, along with a full explanation of the exploit path and a proposed code fix. The tool currently runs on Anthropic's Claude Opus 4.8 model inside a Claude Code environment. According to CISO Chris Nims, Capital One open-sourced the tool to address "an increasingly brief window before sophisticated, next-generation AI attack capabilities become affordable and accessible to virtually every adversary," adding that "the scale of the AI threat is larger than any single organization."
SUCKS 0 0 0
Comments
This page shows all existing comments. To add a new comment, open the post in the forum.
No comments yet.