Anthropic Double Feature: AI Self-Improvement Roadmap + Open-Source Vulnerability Harness
Anthropic reveals internal data on AI self-improvement (80% of code authored by Claude) and open-sources Defending Code Reference Harness for autonomous vulnerability discovery.
Jun 6, 2026 · 5 min read
TL;DR
On June 6, 2026, Anthropic published two major pieces on the same day — a research report from the Anthropic Institute revealing internal data on AI's path toward recursive self-improvement, and an open-source project called Defending Code Reference Harness — a fully autonomous vulnerability discovery and remediation framework powered by Claude. Two different directions, one signal: the era of AI building AI has arrived, advancing simultaneously on both engineering and security fronts.
Main Content
Story 1: When AI Builds Itself — An Inside Look at Anthropic's AI Development Pipeline
The Anthropic Institute report released internal numbers that are striking: as of May 2026, over 80% of code merged into Anthropic's codebase was authored by Claude. Before Claude Code launched in research preview in February 2025, this number was in the single digits.

Key data points from the report:
- Engineering productivity: Anthropic engineers ship 8x as much code per quarter as they did from 2021-2025
- Autonomous capability: Claude's success rate on open-ended tasks (where only the goal is specified, not the method) rose from 50% in November 2025 to 76% in May 2026 — a 26-point jump in six months
- Research capability: On CORE-Bench (reproducing published research results), AI systems went from under 5% success in late 2024 to 57% in May 2026
- Task duration doubling: The length of tasks Claude can reliably complete doubles roughly every four months — from ~1 minute in March 2024 to ~30 minutes in May 2026
The most remarkable finding is the progress in autonomous research capability. In April 2026, Anthropic demonstrated Claude running an end-to-end open-ended research project for the first time — Claude was given an open problem in AI safety, then independently designed experiments, executed code, analyzed results, and delivered conclusions.
Perhaps even more interesting is the data on research judgment: in 129 real Claude Code sessions (January-March 2026), independent reviewers judged that Claude's choice of next research direction was better than the human's in 30% of cases, and clearly worse only 25% of the time. A year ago, this would have been nearly unimaginable.
The report is candid about limitations: Claude-written code still lags behind human-written code in readability and maintainability, though the gap is closing fast. Anthropic also uses Claude for automated code review — retrospective analysis found that Claude reviewers caught ~70% of bugs that human reviewers missed.
Story 2: Open-Source Vulnerability Harness — When AI Starts Finding Its Own Bugs
On the same day, Anthropic open-sourced Defending Code Reference Harness — a Claude-powered autonomous vulnerability discovery and remediation framework that quickly garnered 2,573 stars on GitHub.

This framework is more significant than a typical open-source release. It distills best practices from Anthropic's Glasswing project (the security evaluation program for Claude Mythos) into a practical reference implementation:
- Claude Code skills:
/quickstart,/threat-model,/vuln-scan,/triage,/patch,/customize— a full interactive workflow from threat modeling to auto-patching - Autonomous pipeline (
harness/): Docker + ASAN-based C/C++ memory vulnerability discovery pipeline with autonomous scanning, verification, reporting, and patching - gVisor sandbox: Autonomous pipeline runs isolated in sandboxes to prevent malicious code from affecting the host system
The framework's four-day ramp-up plan is refreshingly practical:
- Day 1: Build a threat model + first static scan + triage
- Day 2: Run the reference pipeline on a C/C++ library
- Days 3-5: Customize the pipeline for your target
- Week 2: Start autonomous scanning, triage, and patching
This aligns with Anthropic's product strategy — beyond the open-source framework, they also offer Claude Security, a managed product for enterprise teams managing vulnerabilities across multiple projects.
Putting It Together
On one hand, Anthropic tells the world "AI is writing 80% of its own code, and starting to develop its own research judgment." On the other hand, it open-sources a complete framework for "AI to find bugs in its own code."
This creates a closed loop: AI writes code → AI reviews code → AI finds vulnerabilities → AI patches them. And the human role in this loop is shifting from "executor" to "direction-setter" — exactly the thesis of the Anthropic Institute report.
Tools Mentioned
Claude Code is Anthropic's AI coding agent and the core engine driving all the capabilities described above. The Defending Code Reference Harness is written in Python and runs on Docker-based sandboxes. Claude Security is the enterprise-grade managed product for cross-project vulnerability management. These tools form a complete stack for AI-powered development workflows.
Community Reaction
The two stories on HN combined for 980+ points and 160+ comments. The top comment questioned Anthropic's timing — "given the company is planning an IPO, this report reads more like roadshow material." But others countered that regardless of motivation, the fact that 80% of code is AI-authored speaks for itself.
Next Steps
If you're building AI Agent workflows, three immediate actions:
- Read the full Anthropic Institute report — especially the autonomous research judgment data — to decide whether your Agent architecture should grant more autonomy
- Try the Defending Code Reference Harness
/quickstartskill — 30 seconds to experience a full security scanning loop in Claude Code - Consider where your project sits in the "AI writes → AI reviews → AI secures" loop — you're likely already living through a similar evolution, just at a different scale
Monetization angle
How can you make money from this trend?
WayToClawEarn focuses on verified earn playbooks—not just news. Start from these cases.
n8n + OpenAI affiliate site
Automate content and affiliate monetization
Claude + n8n automation agency
Charge monthly for agent workflow builds