On 9 April 2026, ASD published information on the cyber security implications of increasingly capable frontier artificial intelligence (AI) models, followed by an update on 8 May examining what these AI models likely can, and cannot, do.
In the weeks since our last update, ASD’s cyber security advice in responding to the emergence of increasingly capable frontier AI models remains largely unchanged (for more information, visit our Artificial intelligence page). However, we have observed the growing importance of AI model harnesses as an additional dimension of AI-enabled cyber security that organisations should understand. Today, ASD is publishing a further update on AI model harnesses, which examines how they are shaping cyber security outcomes.
AI model harnesses are the orchestration layer built around one or more AI models. In practice, a harness is the agentic scaffolding – planning, tool use, output verification and multi-agent coordination – that sits around the model or models; the term is used here in preference to ‘agent framework’ or ‘orchestration layer’ to emphasise that it is the engineered system, not the model alone, that delivers capability. They coordinate how AI models are tasked, how their outputs are verified, and how multiple AI models or specialised agents work together to complete complex multi-step activities, such as vulnerability discovery and exploit development. Recent cyber security benchmark test results (such as those found in CyberGym) demonstrate that a well-engineered AI model harness can be as important a determinant of capability as the underlying AI model itself.
The emergence of agentic AI harnesses carries an important implication for Australian organisations. Top-tier frontier AI models are not the only pathway to strong AI-enabled cyber security outcomes. A capable AI model harness, orchestrating mid-tier AI models, can achieve results comparable to those of top-tier frontier AI models. Organisations do not require access to the most advanced frontier AI models to defend themselves effectively.
The availability of these specialised AI model harnesses is also increasing. Recent releases include:
- Microsoft’s MDASH. A multi-model agentic scanning harness, codenamed MDASH, orchestrates more than 100 specialised AI agents across an ensemble of frontier AI models to discover, debate and prove exploitable vulnerabilities end-to-end. Microsoft reports that MDASH helped its researchers identify vulnerabilities across Windows networking and authentication components. Microsoft’s June 2026 Patch Tuesday release included 206 vulnerability patches- its largest on record.
- Anthropic’s Defending Code Reference Harness. An open-source reference implementation for autonomous vulnerability discovery and remediation. It provides a structured pipeline covering threat modelling, scanning, verification, triage and patching, and can be adapted by organisations to their own codebases, languages and bug classes. Anthropic has launched Project Glasswing with a group of technology and security partners, giving selected organisations access to Claude Mythos for defensive cyber security work.
- Cisco Foundry Security Spec (CFSS). An open-source AI orchestration harness that integrates domain knowledge, including research notes, test beds and prioritisation logic, from Cisco’s Advanced Security Initiatives Group. CFSS provides a model-agnostic framework that facilitates spec-driven development workflows for AI agents, consistent with the standards established by GitHub spec-kit.
- OpenAI’s Codex security harness. A part of OpenAI’s Daybreak initiative combining OpenAI models with Codex as an agentic harness, bringing secure code review, threat modelling, patch validation and remediation guidance into the software development loop. OpenAI has also established a Trusted Access for Cyber partnership with Australia, providing verified cyber defenders with advanced AI tools for cyber security purposes.
- OpenHack. An MIT-licensed open-source project from security firm Hadrian that packages automated vulnerability research workflows into a file-based workspace that is able to run within widely available coding harnesses.
Together, these developments mean that organisations of all sizes can apply AI to the task of finding and fixing vulnerabilities in their own systems or software before malicious actors exploit any weaknesses. The same capabilities are, however, dual use: an AI harness that can find and patch vulnerabilities can equally find and exploit them, and the lowering of cost and skill barriers benefits opportunistic malicious actors, not only cyber defenders. The defensive advantage, therefore, depends on organisations adopting these tools at least as quickly as malicious actors and pairing them with the verification and remediation capacity to act on what they surface.
ASD will be releasing practical guides on the use of AI harnesses in cyber defence workflows in the coming days.
For more information on defending against AI-enabled cyber security threats – please see Artificial intelligence.
ASD would like to thank Anthropic, Cisco, Commonwealth Bank of Australia (CBA), Microsoft, and OpenAI for their consultation on this update. We encourage all entities to join ASD’s Cyber Security Partnership Program for opportunities to engage with ASD on this topic and other cyber security issues.