Baz at Black Hat 2026: frontier models, pointed at your whole codebase.
Cyber-capable models are the first practical way to make deep security reasoning cheap enough to run continuously. Ahead of Black Hat 2026, this is everything Baz shipped to put those models to work: on every pull request, and across the code already sitting in your repositories.
Meeting the team at Black Hat? Everything below links to the launch, the research, or the doc behind it.
Watch Advanced Security work, end to end.
A pull request opens a data export endpoint on the left. Baz Advanced Security reviews the diff with a cyber-capable model, proves the tenant-isolation gap is reachable, and posts an exploitable finding with a fix. On the right, the same agent scans the whole repository for risk that no diff would ever surface. Drag the divider to move between them.
Cyber-capable models changed what review can catch.
Earlier models were useful for summaries and obvious mistakes but struggled with real security reasoning. Frontier cyber-capable models, from Mythos Preview to Fable and the latest Opus and Codex releases, follow multi-step logic, connect behavior across files and services, and separate theoretically suspicious code from behavior that can plausibly be exploited.
Getting ready for cyber-capable models like Mythos
Why the real shift is from diff inspection to consequence analysis: models now reason across migrations, shared types, schemas, and interfaces.
Read moreResearchCan cyber-capable models fix AppSec?
Why modern AppSec keeps missing critical vulnerabilities despite an abundance of tools, and where cyber-capable models actually help.
Read moreResearchModel vs SAST
Internal research on how newer cyber-capable models change AppSec detection on pull-request review.
Read moreResearchVulnerability classes that don't come back
A study of 28 high-confidence findings showing why cyber-capable models catch six long-missed vulnerability classes at review time, before they ship.
Read moreUsing Fable in production.
Pointing a model like Fable at real code is the easy part. Running it in production means giving it the right context, keeping it inside a boundary you control, and making every run inspectable. That is the harness Baz was built to be.
Context, not just the diff
The Context Broker assembles the surrounding code, related repositories, package usage, module boundaries, ticket intent, and runtime signals, so the model reasons about the change in the system it actually lives in.
A boundary you control
The Agent Harness runs the model against your code inside an isolated runtime. Private Mode analyzes changes locally and retains no source code, for teams with strict compliance or data residency needs.
Every run is inspectable
PR reviews, full-repo scans, and fixes each produce a Session with severity-tagged findings and the evidence behind them, so a model decision is never a black box.
Findings that hold up
Each finding is tied to a specific file and line range with a description, confidence score, severity, and suggested remediation, so security teams can route it instead of triaging noise. See security, privacy, and compliance.
The best way to use a frontier model: scan the whole codebase.
PR review is the right place to stop a new bug from merging, but it only sees what changed today. A tenant isolation gap introduced two years ago, an authorization check missing from the first commit, a secret handling pattern that was never right: none of it shows up in a diff unless someone happens to touch that file again. A full codebase security scan is the single best way to put a frontier model to work, because it turns the model loose on all the risk already sitting in the repository.
- Advanced Security scans an entire repository on demand, not just the pull request.
- Teams on the Advanced Security tier trigger it at the workspace level, scoped to the repositories they already have in Baz.
- Results land as Sessions with severity-tagged findings and Fixer PRs, so a scan produces fixes, not just a report.
Read the full story in security review should not wait for the next pull request, or see the agents behind it on the AI code review page.
What Baz shipped for security.
The agents, controls, and integrations behind Baz security review, each with the launch or doc that explains it.
Advanced Security Reviewer
Reviews code changes for exploitable behavior across auth, input handling, and data exposure, backing each finding with surrounding code, related repositories, and runtime signals.
Read the launchLaunchFixer, the sandboxed auto-fix agent
Applies and executes PR fixes inside an ephemeral, isolated runtime, running format, lint, and build checks and committing only when validation succeeds.
How Fixer worksLaunchPrivate Mode
Analyzes changes locally without storing or retaining source code, for teams with strict security, compliance, or data residency requirements.
Read the announcementProposalcyber.md, posture that speaks agent
A Markdown security posture file that captures protected assets, trust boundaries, and coding invariants in a format coding agents can consume safely during normal work.
See the proposalLaunchBaz MCP Server
High-signal, secure AI code review in any IDE with no repository integration required. Connect, diff, and review from Cursor, Claude, VS Code, and more.
Connect the MCP serverDocsSecure AI Code
How Baz builds context around a diff and runs Basic and Advanced Security agents on cyber-capable models to return findings tied to a file, severity, and remediation.
Read the docsResearch, docs, and more.
- All Baz researchInvestigations into cyber-capable models, AppSec detection, and code review.
- Secure AI Code (docs)The Basic and Advanced Security agents, and what context Baz sends the model.
- Security, privacy, and compliance (docs)How Baz protects your source code and data.
- Baz for EnterpriseDeployment, controls, and governance for security-conscious teams.
- Baz in the pressCoverage of Baz across outlets and industry newsletters.
- All resourcesEvery blog post, release, and research report from the team.
Point a frontier model at your codebase.
Meeting us at Black Hat 2026, or want to run a full codebase security scan on your own repositories? Talk to the team and we will show you what Advanced Security surfaces.