June 5, 2026

security

Anthropic Releases Open-Source Harness for AI-Driven Code Defense

Anthropic has published a reference harness on GitHub that packages threat modeling, scanning, triage, and patching skills into a customizable autonomous scanning workflow. Product engineers can fork it today to start building AI-powered security pipelines into their development process.

Anthropic has published defending-code-reference-harness on GitHub. It is a public reference repository that bundles discrete security skills with an autonomous scanning harness you can drop into your own stack.

The repository covers four skill areas: threat modeling, scanning, triage, and patching. Each is packaged separately, which means you can adopt one piece at a time rather than committing to the full pipeline upfront. The autonomous harness ties these skills together and is explicitly designed for customization.

Why does this matter right now? Security is still the part of the AI-assisted development workflow that most teams bolt on after the fact. This harness is designed to make defense a first-class step inside the build process, not an afterthought. The word "defending" in the repo name is intentional: the focus is on protecting code that already exists or is being written, not just on finding problems afterward.

The project has picked up over 1.6k stars and 120 forks since it went public, which signals real interest from the builder community. That is not a small number for a security-focused developer tool repo.

The customization angle is the most practical part for product engineers. The harness is not a fixed pipeline you run as-is. You can adapt it to your own threat surface, your own codebase structure, and your own triage thresholds. That matters because generic security tooling almost always needs tuning before it catches the things that are actually relevant to your project.

This also lives in the GitHub ecosystem natively. That means it fits alongside the Actions, Issues, and Code Review workflows your team already uses. There is no separate platform to adopt.

What to do today: Fork the repo, read the skill modules in isolation, and pick the one closest to your current pain point. Threat modeling is a good starting place if your team does not have a formal process. Scanning and triage together make sense if you already model threats but lack automated follow-through. Once you have one skill working, the harness gives you a clear path to connect the rest.