Baz at Black Hat 2026: frontier models, pointed at your whole codebase.

Cyber-capable models are the first practical way to make deep security reasoning cheap enough to run continuously. Ahead of Black Hat 2026, this is everything Baz shipped to put those models to work: on every pull request, and across the code already sitting in your repositories.

Meeting the team at Black Hat? Everything below links to the launch, the research, or the doc behind it.

Watch Advanced Security work, end to end.

A pull request opens a data export endpoint on the left. Baz Advanced Security reviews the diff with a cyber-capable model, proves the tenant-isolation gap is reachable, and posts an exploitable finding with a fix. On the right, the same agent scans the whole repository for risk that no diff would ever surface. Drag the divider to move between them.

Cyber-capable models changed what review can catch.

Earlier models were useful for summaries and obvious mistakes but struggled with real security reasoning. Frontier cyber-capable models, from Mythos Preview to Fable and the latest Opus and Codex releases, follow multi-step logic, connect behavior across files and services, and separate theoretically suspicious code from behavior that can plausibly be exploited.

Using Fable in production.

Pointing a model like Fable at real code is the easy part. Running it in production means giving it the right context, keeping it inside a boundary you control, and making every run inspectable. That is the harness Baz was built to be.

Context, not just the diff

The Context Broker assembles the surrounding code, related repositories, package usage, module boundaries, ticket intent, and runtime signals, so the model reasons about the change in the system it actually lives in.

A boundary you control

The Agent Harness runs the model against your code inside an isolated runtime. Private Mode analyzes changes locally and retains no source code, for teams with strict compliance or data residency needs.

Every run is inspectable

PR reviews, full-repo scans, and fixes each produce a Session with severity-tagged findings and the evidence behind them, so a model decision is never a black box.

Findings that hold up

Each finding is tied to a specific file and line range with a description, confidence score, severity, and suggested remediation, so security teams can route it instead of triaging noise. See security, privacy, and compliance.

The best way to use a frontier model: scan the whole codebase.

PR review is the right place to stop a new bug from merging, but it only sees what changed today. A tenant isolation gap introduced two years ago, an authorization check missing from the first commit, a secret handling pattern that was never right: none of it shows up in a diff unless someone happens to touch that file again. A full codebase security scan is the single best way to put a frontier model to work, because it turns the model loose on all the risk already sitting in the repository.

  • Advanced Security scans an entire repository on demand, not just the pull request.
  • Teams on the Advanced Security tier trigger it at the workspace level, scoped to the repositories they already have in Baz.
  • Results land as Sessions with severity-tagged findings and Fixer PRs, so a scan produces fixes, not just a report.

Read the full story in security review should not wait for the next pull request, or see the agents behind it on the AI code review page.

What Baz shipped for security.

The agents, controls, and integrations behind Baz security review, each with the launch or doc that explains it.

Research, docs, and more.

Point a frontier model at your codebase.

Meeting us at Black Hat 2026, or want to run a full codebase security scan on your own repositories? Talk to the team and we will show you what Advanced Security surfaces.