Menu
Cloudflare Blog·June 18, 2026

Designing a Model-Agnostic AI Vulnerability Harness for Enterprise Codebases

This article from Cloudflare details the architectural design and implementation of their AI-powered vulnerability harness, Project Glasswing. It focuses on creating a scalable, model-agnostic system that can continuously scan enterprise-level codebases across multiple languages and repositories. Key architectural considerations include state externalization, persistent storage, distributed orchestration, and a two-stage discovery and validation workflow to minimize false positives and enhance reliability.

Read original on Cloudflare Blog

The Challenge: Scaling AI for Security Vulnerability Discovery

Traditional AI agents for security analysis often suffer from limitations such as context window exhaustion, lack of persistence, and inability to perform cross-repository reasoning. Cloudflare's Project Glasswing addresses these by building a robust _harness_ that orchestrates various AI models, treating them as interchangeable components rather than relying on a single model. This model-agnostic approach is crucial for adapting to the rapidly evolving AI landscape and ensuring comprehensive vulnerability coverage.

Core Architectural Principles

  • Model Agnosticism: The system is designed to be independent of any specific AI model, allowing for easy interchangeability and cross-testing of different models for discovery and validation.
  • State Externalization: To overcome context window limitations, the LLM is treated as a stateless compute engine, with all crucial state persisted externally.
  • Persistence and Resumability: Every stage of the pipeline writes its findings to a database, enabling runs to resume from the point of failure and prevent loss of work due to transient errors.
  • Distributed Orchestration: A central orchestrator manages hundreds of separate investigations, handles task scheduling, deduplication, and fleet-wide dependency tracing across repositories.
  • Language Agnosticism: By offloading syntax analysis to the models, the harness itself can focus on higher-level security orchestration logic, supporting a diverse mix of programming languages without custom parsers.

Two-Stage Workflow: Discovery and Validation

The system employs a two-stage operational framework: the Vulnerability Discovery Harness (VDH) and the Vulnerability Validation System (VVS). The VDH proactively scans codebases for potential issues, while the VVS is responsible for deduplication, judgment, and fixing. Critically, these two stages use _different_ AI models, ensuring an unbiased, adversarial cross-check of findings. This architectural separation enhances security by preventing a single model's biases from leading to false negatives or positives and improves operational resilience against model volatility.

💡

Context Control and Parallelism

To prevent models from 'hallucinating' due to context window exhaustion, each agent's job is hyper-focused, keeping context usage below 25% of the total window. Persistence must be factored in before parallelism; streaming findings and saving them incrementally ensures that a crash only costs the task in flight, not the entire run.

Dynamic Threat Modeling and Hunter Agents

During the Recon stage, an agent dynamically generates a custom threat model and taxonomy specific to the codebase being analyzed, rather than relying on predefined rules. Hunter agents then move beyond static code analysis, actively compiling code fragments, building small versions, and attacking them within sandboxed environments (built on `unshare`). This approach allows for the discovery of subtle undefined-behavior bugs that static analysis might miss.

  • Sibling Forking: Enables Hunter agents to explore interesting code paths outside their immediate scope by forking new agents with precise structural seeds, without derailing the main analysis.
  • The Wishlist: A central mechanism where agents can request external resources (e.g., a specific build environment, a VM, or production configuration files) they need to confirm a Proof of Concept (PoC) or perform further analysis. This allows for human intervention to provide dependencies, with potential for some self-healing automation.
AIMachine LearningVulnerability ScanningSystem ArchitectureDistributed AgentsOrchestrationSecurity EngineeringCloudflare

Comments

Loading comments...