An autonomous cybersecurity agent built for the CyberGym benchmark. Given a vulnerability description and pre-patch codebase, Sherlock generates proof-of-concept exploits to reproduce real-world vulnerabilities from OSS-Fuzz across 188 production codebases. Features format-aware PoC generation that identifies expected binary input formats before crafting exploits, crash-output-driven mutation that iteratively refines PoCs based on sanitizer feedback, deliberate zero-day discovery that pivots to open-ended vulnerability hunting when reproduction fails, and best-of-N sampling to maximize success rate across multiple attempts.