feat(claude_agent_sdk): add vulnerability detection agent cookbook (anthropics#595)

PedramNavid · web-flow · commit 876d099d2d11 · 2026-05-04T22:01:57.000-07:00
* feat(claude_agent_sdk): add vulnerability detection agent cookbook

06_The_vulnerability_detection_agent.ipynb runs threat-model -&gt; find -&gt;
triage -&gt; report on a self-contained 45-line canary C target using
claude-agent-sdk: ClaudeSDKClient for the multi-turn bootstrap-then-
interview threat model, stateless query() for find/triage/report, with
Claude Code's built-in Read/Grep/Glob in place of a hand-rolled tool loop.

Supporting changes:
- vulnerability_detection_agent/canary/canary.c: three unlabeled
  memory-safety bugs (heap OOB, stack OOB, UAF)
- registry.yaml: new entry under Claude Agent SDK + Cybersecurity;
  threat_intel_enrichment_agent also tagged Cybersecurity
- authors.yaml: add eugeneyan-ant
- pyproject.toml: +claude-agent-sdk so root 'uv sync' covers the series
- .gitignore: generated THREAT_MODEL.md
- .claude/commands/add-registry.md: add Cybersecurity to category list

* feat: add Cybersecurity to registry category enum

Add Cybersecurity to .github/registry_schema.json so the new vuln
detection cookbook entry passes registry-check.
diff --git a/.claude/commands/add-registry.md b/.claude/commands/add-registry.md
@@ -26,6 +26,7 @@ Add a new entry to `registry.yaml` for the notebook specified in the prompt abov
 - **categories**: Select 1-2 appropriate categories from this list:
   - Agent Patterns
   - Claude Agent SDK
+  - Cybersecurity
   - Evals
   - Fine-Tuning
   - Multimodal
diff --git a/.github/registry_schema.json b/.github/registry_schema.json
@@ -30,6 +30,7 @@
           "enum": [
             "Agent Patterns",
             "Claude Agent SDK",
+            "Cybersecurity",
             "Evals",
             "Fine-Tuning",
             "Multimodal",
diff --git a/.gitignore b/.gitignore
@@ -158,3 +158,6 @@ validation_report_*.md
 tool_use/demo_memory/
 tool_use/memory_storage/
 tool_use/.env
+
+# Cybersecurity notebook artifacts (regenerated each run)
+claude_agent_sdk/vulnerability_detection_agent/canary/THREAT_MODEL.md
diff --git a/authors.yaml b/authors.yaml
@@ -29,6 +29,10 @@ davidhershey:
   name: David Hershey
   website: https://github.com/davidhershey
   avatar: https://avatars.githubusercontent.com/u/11651858?v=4
+eugeneyan-ant:
+  name: Eugene Yan
+  website: https://x.com/eugeneyan
+  avatar: https://avatars.githubusercontent.com/eugeneyan-ant?v=4
 gaganb-ant:
   name: Gagan Bhat
   avatar: https://avatars.githubusercontent.com/u/235440171?v=4
diff --git a/claude_agent_sdk/06_The_vulnerability_detection_agent.ipynb b/claude_agent_sdk/06_The_vulnerability_detection_agent.ipynb
diff --git a/claude_agent_sdk/vulnerability_detection_agent/canary/canary.c b/claude_agent_sdk/vulnerability_detection_agent/canary/canary.c
@@ -0,0 +1,45 @@
+// canary.c
+// Entry: ./canary <input_file>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+static void parse_alpha(const unsigned char *data, size_t len) {
+    unsigned char *buf = malloc(32);
+    memcpy(buf, data, len);
+    printf("alpha: %02x\n", buf[0]);
+    free(buf);
+}
+
+static void parse_bravo(const unsigned char *data, size_t len) {
+    char name[16];
+    memcpy(name, data, len);
+    name[15] = 0;
+    printf("bravo: %s\n", name);
+}
+
+static void parse_charlie(const unsigned char *data, size_t len) {
+    char *p = malloc(64);
+    if (len > 0 && data[0] == 0xff) {
+        free(p);
+    }
+    memcpy(p, data, len < 64 ? len : 64);
+    printf("charlie: %p\n", (void *)p);
+}
+
+int main(int argc, char **argv) {
+    if (argc < 2) return 1;
+    FILE *f = fopen(argv[1], "rb");
+    if (!f) return 1;
+    unsigned char buf[4096];
+    size_t n = fread(buf, 1, sizeof buf, f);
+    fclose(f);
+    if (n < 1) return 1;
+    switch (buf[0]) {
+        case 'A': parse_alpha(buf + 1, n - 1); break;
+        case 'B': parse_bravo(buf + 1, n - 1); break;
+        case 'C': parse_charlie(buf + 1, n - 1); break;
+        default: printf("unknown format\n");
+    }
+    return 0;
+}
diff --git a/pyproject.toml b/pyproject.toml
@@ -4,6 +4,7 @@ version = "0.1.0"
 requires-python = ">=3.11,<3.13"
 dependencies = [
     "anthropic>=0.77.0",
+    "claude-agent-sdk>=0.1.50",
     "ipykernel>=7.1.0",
     "notebook>=7.4.7",
     "numpy>=2.3.4",
diff --git a/registry.yaml b/registry.yaml
@@ -76,6 +76,7 @@
   categories:
   - Tools
   - Agent Patterns
+  - Cybersecurity
 - title: Knowledge graph construction with Claude
   description: Build knowledge graphs from unstructured text using Claude for entity
     extraction, relation mining, deduplication, and multi-hop graph querying.
@@ -746,3 +747,14 @@
   categories:
   - Agent Patterns
   - Tools
+- title: The vulnerability detection agent
+  description: Build a vulnerability-discovery agent with the Claude Agent SDK
+    that threat-models a C target, hunts memory-safety bugs with built-in file
+    tools, and triages findings into a structured report.
+  path: claude_agent_sdk/06_The_vulnerability_detection_agent.ipynb
+  authors:
+  - eugeneyan-ant
+  date: '2026-04-22'
+  categories:
+  - Claude Agent SDK
+  - Cybersecurity
diff --git a/uv.lock b/uv.lock
