Capital One Open-Sources VulnHunter, An AI Agent That Hunts Code Flaws
Built on Anthropic's Claude Opus 4.8, the agent was tested across thousands of Capital One's own repositories spanning tens of business areas.
- Released July 16, 2026 under Apache License 2.0, code hosted at github.com/capitalone/vulnhunter.
- A falsification engine forces the AI to challenge its own findings before flagging them.
- It proposes evidence-backed code fixes, shifting developers from triaging false alarms to repairing real ones.
Why it matters: A bank outsourcing judgment of its own vulnerabilities to another company's model has changed who decides safety.
Capital One Tech Blog (announcing-vulnhunter) ↗ · Jul 17, 20267/17/26 · ✓ Checked✓ Check