@vintcessun: An 8-stage vulnerability discovery agent that runs on a Claude subscription, essentially a reproduction of the Cloudflare Project Glasswing paper. Multiple narrow agents + intentional disagreement verification + reachability gating, breaking down 'which piece of code can actually be exploited by an attacker' into 8 precise steps. Recon uses Opus to decompose tasks, H…
Summary
Introduces an 8-stage vulnerability discovery agent that runs on a Claude subscription, with no API keys required, and reproduces the core ideas of the Cloudflare Project Glasswing paper. It uses multiple narrow agents, intentional disagreement verification, and reachability gating to break exploit analysis down into precise steps.
Similar Articles
@vintcessun: What troubles security teams most is too many false positives in the vulnerability discovery process and lack of closed-loop fix verification. Anthropic's reference implementation directly breaks the entire process into an auditable seven-stage pipeline. The core design is not about stacking features, but building a verification chain—each finding must go through independent sandbox reproduction, deduplication, scoring, and finally the patch must also pass regression testing...
Anthropic has released an open-source reference implementation for vulnerability discovery and remediation, building a verification chain with a seven-stage pipeline based on Claude, aimed at reducing false positives and ensuring closed-loop fix verification.
@jianshuo: Only when you can see it can you talk about understanding. I wrote ccglass; install it via npm and you can see what Claude Code is secretly sending to the large model—system prompts, 48 tools, token accounts—all laid out.
ccglass is a zero-dependency local logging reverse proxy and web dashboard that shows, in real time, the system prompts, tools, and token usage that coding agents like Claude Code send to the large model.
@vincemask: https://x.com/vincemask/status/2064581609928699973
This article introduces the five-layer safety guardrail configuration of Claude Code, including OS sandbox, native permission rules, PreToolUse Hook, engineering rules, and remote access control. It also provides a deny/ask/allow configuration and command classification list to ensure the Agent operates autonomously within secure boundaries.
@yaohui12138: I've finished reading it. Here are some key takeaways I've compiled for everyone: In this session, he primarily broke down a core mechanism overlooked by 90% of users: the CLAUDE.md context injection system. This system is divided into three levels: Enterprise-level: Organization-wide mandatory rules that cannot be overridden by individual settings. Project-level: Team-shared code standards and workflows. Loc...
The article shares key insights from a workshop by Boris on using CLAUDE.md for context injection in Claude, highlighting three usage levels, specific commands like /loop, and plan mode to improve developer workflows.
@dulipeng: https://x.com/dulipeng/status/2067450611529093311
This article is a practical tutorial that details how to use the Cloudflare Workers/Pages free tier to deploy a low-cost VPN, based on the open-source project edgetunnel, for use with clients like Clash and Shadowrocket.