Cloudflare details fleet-wide AI vulnerability harness
Cloudflare has detailed VDH and VVS, its model-agnostic systems for fleet-wide AI security scanning, and open-sourced its initial auditing script. The architecture treats LLMs as stateless compute engines, using independent models for adversarial discovery and validation to eliminate context limits and volatility.
While most AI security research focuses on isolated prompts or single repos, Cloudflare's two-stage harness provides a realistic blueprint for enterprise-wide, multi-model automated vulnerability triage that treats LLMs as raw, stateless compute.
- **Model Agnosticism as Risk Control:** By utilizing one model for discovery (VDH) and a different model for validation (VVS), Cloudflare creates an adversarial check that shields the pipeline from downstream provider changes or API drift.
- **Externalizing State to Prevent Exhaustion:** Offloading context memory to a persistent SQLite database stops models from cannibalizing their own memories during long runs (which can take up to 14 hours).
- **The Power of the Wishlist:** Rather than relying early on complex static analysis tools, security hunters coordinate with engineers via a central 'wishlist' to request specific execution environments or VM dependencies on-demand.
- **Strict Verification Gates:** No finding reaches developers without a mechanically validated Proof-of-Concept (PoC) test run against the untouched codebase and a working patch, squashing false positives.
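A minimal sketch of the externalized-state and verification-gate ideas in the list above, added here as an illustration and not taken from Cloudflare's open-sourced script. The table layout, column names, function names and model labels are all assumptions.

```python
import sqlite3

# Hypothetical schema: all run state lives in SQLite, so each model call can be
# stateless and a long run can resume from the ledger instead of model context.
SCHEMA = """
CREATE TABLE IF NOT EXISTS findings (
    id INTEGER PRIMARY KEY,
    repo TEXT NOT NULL,
    summary TEXT NOT NULL,
    discovery_model TEXT NOT NULL,
    validation_model TEXT,        -- NULL until the second stage has run
    poc_reproduced INTEGER,       -- 1 = PoC test ran against the untouched codebase
    patch_verified INTEGER        -- 1 = a working patch accompanies the finding
)
"""

def open_ledger(path=":memory:"):
    db = sqlite3.connect(path)
    db.row_factory = sqlite3.Row
    db.execute(SCHEMA)
    return db

def record_discovery(db, repo, summary, model):
    """Stage 1: the discovery model files a candidate finding."""
    cur = db.execute(
        "INSERT INTO findings (repo, summary, discovery_model) VALUES (?, ?, ?)",
        (repo, summary, model))
    db.commit()
    return cur.lastrowid

def record_validation(db, finding_id, model, poc_reproduced, patch_verified):
    """Stage 2: a different model records the mechanical validation results."""
    row = db.execute("SELECT discovery_model FROM findings WHERE id = ?",
                     (finding_id,)).fetchone()
    if row is None:
        raise KeyError(finding_id)
    if row["discovery_model"] == model:
        raise ValueError("validator must differ from the discovery model")
    db.execute(
        "UPDATE findings SET validation_model = ?, poc_reproduced = ?, "
        "patch_verified = ? WHERE id = ?",
        (model, int(poc_reproduced), int(patch_verified), finding_id))
    db.commit()

def releasable(db):
    """Gate: only independently validated findings with PoC and patch pass."""
    rows = db.execute(
        "SELECT id FROM findings WHERE validation_model IS NOT NULL "
        "AND validation_model <> discovery_model "
        "AND poc_reproduced = 1 AND patch_verified = 1 ORDER BY id")
    return [r["id"] for r in rows]
```

Passing a file path to `open_ledger` instead of the default in-memory database gives the persistence across long runs that the list describes.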
Discovered: 2026-06-18
Published: 2026-06-18
Author: Cloudflare