New Raptor Framework Uses Agentic Workflows to Create Patches
Recorded: Dec. 3, 2025, 7:02 a.m.
| Original | Summarized |
Researchers utilized prompts and large language models to develop an open-source AI framework capable of generating both vulnerability exploits and patches.

Arielle Waldman, Features Writer, Dark Reading. December 2, 2025.

Attackers are increasingly using artificial intelligence to generate exploits, conduct reconnaissance activities, and run alarmingly realistic phishing campaigns; however, they are not the only ones incorporating AI into their activities. Defenders are using AI too: a group of security researchers has built a framework to level the playing field for defenders. Raptor, an autonomous offensive/defensive research framework built on Anthropic's Claude Code, is capable of automatically generating both vulnerability exploits and patches.

The group of researchers (Gadi Evron, CEO and co-founder of Knostic; Daniel Cuthbert, security researcher and a member of the Black Hat Review Board; Thomas Dullien, a freelance computing mathematician known as Halvar Flake; and Michael Bargury, CTO and co-founder of Zenity) built Raptor after seeing how powerful coding agents could be and wanting to harness that capability for security research.

"The bottom line is, attackers are using AI to find vulnerabilities, exploit vulnerabilities, and orchestrate and automate their attacks," Evron tells Dark Reading. "On the defensive side, we don't have that yet."

Defenders have limited tools at their disposal to deal with AI-based attacks, warns Evron. The agentic attack platform is modular, allowing anyone to contribute functionality and help defenders stay ahead of the attackers. The researchers released Raptor (Recursive Autonomous Penetration Testing and Observation Robot) as open source, and it is available for download on GitHub.

Raptor In Action

The framework agentically orchestrates and understands research, exploitation, and patching, Evron says.

The researchers had three questions when developing Raptor. Firstly, could they create something that is accessible for both researchers and defenders? Secondly, could they use a generic agent such as Claude? And thirdly, could they convert what they built into a security research platform? The answer to all three questions was yes, and very easily, says Evron.

Halvar Flake, who wrote a patching capability for Raptor, utilized that functionality to create fixes addressing the recently discovered vulnerabilities in the ffmpeg multimedia libraries. Using an agentic flow, Halvar Flake examined the vulnerabilities, pinpointed their locations in the code, and generated a fix to automatically address those issues. While the patches required some tweaks before they were finalized, using Raptor to create the patches saved a lot of work and time, Evron says.

Evron hopes Raptor showcases the "power of community" where anyone can maintain and contribute to the agentic attack framework. He also views it as a proof of concept, as it demonstrates that coding assistants such as Claude Code can be utilized for a range of purposes and can be adapted to work for anything.

While Raptor can be applied to many use cases, one of the most common will be to remove many of the frustrations and barriers that exist when performing binary analysis and static/variant analysis, says Cuthbert, a security researcher and member of the Black Hat Review Board. Cuthbert noted on LinkedIn that Raptor "will not replace expert reverse engineers," but will "provide a promising aid for multi-candidate proofs of concept and for automating repeatable analysis tasks."

"In addition, the ability of leveraging large language models to help understand crashes and potentially build subsequent patches for discovered vulnerabilities and issues, that's a massive step forward in getting the tooling in the hands of so many," Cuthbert says. |
The security landscape is rapidly evolving, driven by the increasing sophistication and automation of cyberattacks. Researchers have developed Raptor, an open-source AI framework designed to level the playing field for defenders. Spearheaded by Gadi Evron and a team including Daniel Cuthbert, Thomas Dullien (Halvar Flake), and Michael Bargury, Raptor leverages Anthropic’s Claude Code to automatically generate both vulnerability exploits and patches. The framework’s agentic nature allows for modularity and community contribution, addressing a critical gap in current defensive capabilities. Creators aimed to answer three key questions: could they build an accessible framework for researchers and defenders? Could they utilize a generic agent like Claude? And could they transform this into a functional security research platform? The affirmative responses to all three propelled the development of Raptor. The framework orchestrates research, exploitation, and patching through an agentic workflow, exemplified by Halvar Flake’s application of Raptor to create fixes for vulnerabilities within the ffmpeg multimedia libraries. This demonstrates Raptor’s ability to automatically analyze vulnerabilities, pinpoint their locations in code, and generate targeted patches, drastically reducing the time and effort involved in patching processes. While Cuthbert emphasizes that Raptor won’t replace expert reverse engineers, it provides valuable assistance in multi-candidate proofs of concept and automating repeatable analysis tasks. The ability of large language models to aid in understanding crashes and generating subsequent patches represents a significant advancement, placing powerful analysis tools in the hands of a broader audience. Evron’s vision for Raptor encompasses a “community of innovation,” where continuous contributions ensure the framework remains at the forefront of defensive capabilities.
The Raptor framework represents a significant step toward democratizing cybersecurity research and defense, potentially transforming how defenders respond to increasingly complex and automated threats. |