Vulnerability researchers seek agentic frameworks for emergent discovery

The request highlights the shift from simple LLM chat to agentic workflows that can autonomously update their research path based on intermediate findings.

• –Claude Code's native tool-use (terminal, search, file access) makes it a strong candidate for the "research -> hypothesize -> verify" loop required in security.
• –"Emergent research" is the next frontier, where the agent identifies new sub-questions (e.g., "Is this a Windows service?") without explicit human prompting.
• –Existing frameworks like Google's Project Naptime (Big Sleep) have already demonstrated zero-day discovery capabilities that exceed human-only auditing.
• –For specialized tasks like vulnerability research, the "best" framework is often a custom implementation (e.g., using LangGraph) that integrates security-specific tools like Ghidra or CodeQL.
• –Recent 2026 updates for Claude Code include specialized "Security" capabilities designed to scan codebases for complex logic flaws, directly addressing this user's use case.