Hasty Briefsbeta

Bilingual

Build your own vulnerability harness

5 hours ago
  • #Model-Agnostic Architecture
  • #AI Security
  • #Vulnerability Research
  • Project Glasswing explores using frontier AI models for enterprise code security, highlighting the need for a model-agnostic architecture to avoid reliance on any single model.
  • A two-stage vulnerability research workflow is implemented: the Vulnerability Discovery Harness (VDH) for discovery and the Vulnerability Validation System (VVS) for triage, using different models to cross-check findings.
  • Key stages in VDH include Recon, Hunt, Validate, Gapfill, Dedup, Trace, and Feedback, with strict context controls and persistence to prevent hallucinations and data loss.
  • The system emphasizes adversarial verification, requiring proof-of-concept tests and patches for each finding, and uses deterministic code to validate paths and prevent false positives.
  • Fleet-wide scanning enables cross-repo dependency tracing, uncovering systemic flaws, with deduplication agents to manage overlapping findings and a wishlist mechanism for agent resource requests.
  • Metrics focus on filtering raw candidates into actionable findings, with ~12,057 high-integrity findings from 20,799 raw candidates, and automated patching saving engineering hours.
  • The architecture decouples security logic from model providers, ensuring robustness through independent triage and human-in-the-loop safeguards for code changes.