Cantina Joins Anthropic's Cyber Verification Program

Cantina has been accepted into Anthropic's Cyber Verification Program (CVP), the program Anthropic created to give vetted defensive teams full access to Claude's dual-use cyber capabilities for the high-stakes work of protecting the systems the world depends on.
Finding a vulnerability is the easy part. Proving it is exploitable, writing the fix, and confirming that the fix holds are the hard part. Our AppSec agent has done exactly that for some of the world's leading organizations, with findings in OpenSSH (a flaw that survived 44 years), Apple's WebKit (13 years), and Anthropic's own Claude Code, and is #1 on the HackerOne US corporate leaderboard. That track record is what earned the verification.
Entering this program means our AppSec agent's reasoning is conducted with greater depth and speed than ever before.
Why verification matters
Proving a vulnerability is real means reasoning the way an attacker would. Our AppSec agent maps a codebase by trust boundary rather than function by function, and at each boundary, it asks whether the authority granted there can be extended beyond its intended scope. That reasoning is dual-use by nature: the analysis that confirms a flaw is exploitable is the same analysis that could help someone weaponize it, which is exactly why frontier models guard it by default.
With access to this program, our capabilities are enhanced in two ways:
Verification: spotting a vulnerability was never the hard part. Confirming it is exploitable, and showing the path an attacker would take to reach it, is what separates a real finding from ordinary scanner output. With verification, our AppSec agent carries that reasoning all the way to a confirmed, exploitable finding. From there, it writes the fix.
Resolution: confirming that fix holds means attempting to defeat it the way an attacker would once the patch ships. Deeper reasoning gives a straight answer to the question every team has after merging a fix: is it actually remediated, or does it only look remediated?
The vision
We put a few questions to Mike Leffer, Cantina's Co-founder.
What does joining the program signal?
"It signals where the field is headed. The labs are deciding who they trust to use these models for defense, and security teams are starting to trust autonomous systems with real work. The CVP is that trust made formal. We've built our company around earning it: security that runs itself, and a system that surfaces and resolves what matters."
Does AI favor attackers or defenders?
"AI doesn't pick a side, which is exactly why access to programs like the CVP is so important. Attackers will have these models soon, cheap and unrestricted. The CVP gives defenders that same depth without the friction, and that is the edge."
Why should a customer care?
"Before joining the CVP, we were finding bugs like the one that hid in OpenSSH for 44 years. Now, we can do more of that - faster."
What changes for the teams using Cantina?
"A team of three gets the output of thirty. With verified access, the reasoning that proves a bug is real runs without hitting a wall, so the time between finding a problem and a fix that holds drops to almost nothing. With that extra time, teams can get back to building."
Where does this go next?
"Security that runs itself, with people in the loop on what matters. It finds the issue, provides the resolution, and flags what needs a human. Programs like the CVP are how defenders keep pace as the models get stronger. We want the people defending systems to have the upper hand and keep it."
The advantage goes to defenders who start early
Cheap, capable models are reaching attackers within months, most of them unrestricted. The CVP exists to close that gap: it gives vetted defenders the same depth of reasoning, under Anthropic's controls, so the people protecting real systems work with the same tools as the people attacking them.
The teams that stay ahead will be the ones who already know how to use it, with the track record to prove it. We have both. Our AppSec agents run the full loop, from finding an issue to proving it is fixed, and verification enables them to run deeper and faster. We built that record in public; the CVP takes the friction out of the work that went into it.
Frequently asked questions
What is Cantina's AppSec agent?
Cantina's AppSec agents perform deep static and dynamic analysis of production codebases, form multi-step hypotheses about trust boundaries, test them end-to-end, then write the fix and open the pull request, continuously on every commit and deploy.
What is the Anthropic Cyber Verification Program?
It is a free, application-based program from Anthropic that lets vetted organizations use Claude's most capable models for legitimate dual-use cybersecurity work without default safeguards blocking it. Anthropic reviews applications and typically responds within two business days.
Why did Cantina join the CVP?
Our AppSec agent's core work, proving whether a vulnerability is real and whether a fix holds, requires reasoning the way an attacker does. Frontier models restrict that reasoning by default. Verification removes that friction for Cantina's scoped, defensive use.
What are dual-use cyber capabilities?
They are techniques with both offensive and defensive uses, such as analyzing whether a vulnerability is exploitable. They have legitimate defensive value but are blocked by default on frontier models because they can also be misused.
Cantina's AppSec agent understands your codebase, identifies risks, and takes action so your team can ship with confidence. Trusted by NVIDIA, Anthropic, Salesforce, Apple, and Coinbase.