Create a custom AI agent that relentlessly hunts for security vulnerabilities in your codebase. This system uses a large language model with specific tools to find, test, and prove the existence of bugs.
Start the process with a specific source code file, ideally one identified as high-priority by a separate scoring workflow.
Kick off the main agent loop using a framework like the Claude Agent SDK. Provide the agent with access to a checkout of the codebase and a clear mission.
Prompt the agent with a directive that encourages relentless searching. This focuses the agent on the task of finding a vulnerability.
We know there's a security bug in this file. You have to go find it.The agent reasons about the code, forms hypotheses about potential exploits, and generates test cases (e.g., HTML files) to try to trigger a crash or vulnerability.
The agent harness gives the AI access to tools. For example, a 'browser_evaluator' tool runs the generated test case inside a special build of the software that can detect issues like memory safety errors.
The agent continues this loop, receiving feedback from its tools. If a test fails, it analyzes the failure and tries a new approach, iterating potentially many times until it succeeds.
Once the agent successfully triggers a crash, the system captures the exact, reproducible test case. This proves the vulnerability exists and is the primary output of the workflow.
Automate the process of verifying and patching security bugs found by an AI agent. This workflow uses a verifier sub-agent and a patching agent to propose and test fixes, with a human expert in the final review loop.
Create an LLM-powered 'judge' to score and prioritize files in a large codebase for security analysis. This workflow helps focus expensive bug-hunting efforts on the most high-risk areas.
Use a Codex Automation to create a 'meta-agent' that analyzes your codebase, identifies opportunities for new reusable agent skills, and then spawns sub-agents to automatically test and validate those new skills.
Join 100,000+ product managers who use ChatPRD to write better docs, align teams faster, and build products users love.