VulnHunter: An AI Security Agent for Web Application Vulnerability Detection VulnHunter is an OpenEnv-compatible reinforcement learning environment that trains AI agents to detect and patch web application security vulnerabilities. The green agent evaluates coding agents on their ability to: Identify vulnerabilities - Correctly classify SQL injection, Cross-Site Scripting (XSS), and Path Traversal vulnerabilities in Python/Flask web applications Generate secure patches - Produce syntactically correct code fixes that block exploits without breaking functionality Reason about security - Explain vulnerability mechanisms and justify fix approaches The agent is scored using a hierarchical reward structure: +0.3 for correct vulnerability identification, +0.2 for valid patches, +1.0 for patches that successfully block exploits, and -0.2 for syntax errors. Maximum score is 1.5 per vulnerability. Trained using GRPO (Group Relative Policy Optimization) with Unsloth on an NVIDIA A100 GPU, VulnHunter demonstrates that smaller, specialized models (7B parameters) can achieve expert-level security analysis through targeted reinforcement learning.