PATTERN Cited by 1 source
Narrow-scoped agent task
Intent
When dispatching an agent into a find-something task on a large surface, constrain the per-task prompt to one specific question with explicit scope hints — instead of an open-ended prompt like "find vulnerabilities in this repository" — and let scale come from running many narrow-scoped tasks in parallel, not from making any one task more exhaustive.
Canonical articulation
Cloudflare's verbatim formulation (Source: sources/2026-05-18-cloudflare-project-glasswing-what-mythos-showed-us):
"Telling the model 'Find vulnerabilities in this repository' makes it wander. Telling it 'Look for command injection in this specific function, with this trust boundary above it, here's the architecture document and here's prior coverage of this area' makes it do something much closer to what a researcher would actually do."
This is the per-task shape used in the Hunt stage of Cloudflare's vulnerability discovery harness.
The four scope-hint slots
Decomposing the verbatim per-task prompt yields four slots:
- Attack class — "command injection". One specific vulnerability type, not "vulnerabilities" in general.
- Code-location scope — "this specific function". A bounded code surface to investigate, not the full repo.
- Trust-boundary context — "with this trust boundary above it". The threat-model context that makes a finding in this code matter.
- Repository-level context — "here's the architecture document and here's prior coverage of this area". Background that prevents the agent from spending tokens reconstructing what already exists.
The third and fourth slots are upstream products of the Recon stage of the harness — Recon produces the architecture document and prior-coverage map that Hunt-stage tasks reference.
Why narrow scope works
Three mechanisms compound:
- Reduces wander. A specific question constrains the search space; the agent doesn't burn context budget on navigation. The wiki has a sibling concept — agent hyperfixation — in which agents commit to their first hypothesis; narrow scope is the prompt-side discipline that gives the agent a correct first hypothesis to pursue rather than letting it pick its own.
- Mirrors human researcher workflow. Cloudflare's framing: "A human researcher picks one specific thing to look at and investigates it thoroughly. … Then they do it again, for a different feature, security boundary, or vulnerability class, several thousand times across the codebase." The narrow-task shape is what lets the agent ladder match the human ladder.
- Makes parallelism feasible. Many narrow tasks can run concurrently without coordination; one exhaustive task cannot meaningfully parallelise. The parallel narrow agents pattern is the natural composition.
Anti-patterns
- "Find vulnerabilities in this repository" — Cloudflare's named anti-pattern. The model wanders.
- "Find all instances of vulnerability class X" without a code-location scope — the model still has to navigate the repo before investigating, burning context budget.
- "Investigate this function for any security issues" — no attack class. The model gets the where but not the what to look for; it produces a generic security review, not a focused investigation.
- "Investigate command injection in this function, see if there's anything else interesting" — the "see if there's anything else" re-introduces wander. Narrow scope must be strict, not suggested.
Sibling patterns on the wiki
- patterns/specialized-reviewer-agents — narrow scope along domain axes (security / performance / docs / etc.) in the AI code-review setting. Same shape, different unit of decomposition (review-domain vs attack-class).
- patterns/agent-spawn-parallel-exploration — Vercel Turborepo's "8 background agents from my phone" experiment for performance optimisation. Demonstrates the narrow + parallel shape generalises beyond vulnerability research.
- patterns/specialized-agent-decomposition — the meta-pattern for agent decomposition.
- patterns/coordinator-sub-reviewer-orchestration — the orchestration pattern that spawns narrow-scoped agents.
Cost / requirements
- Recon stage — narrow tasks need an architecture document and prior-coverage map to inhabit. The Recon stage is the per-repo upfront investment that subsequent hunting batches amortise against.
- Task queue management — attack class × code location produces a large task space. Generation, deduplication, and prioritisation of the task queue is itself work.
- Domain expertise in scope hints — "this trust boundary above" requires someone (an upstream agent or a human) to characterise trust boundaries. Without that, the scope-hint slot is empty.
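The four slots, the anti-patterns and the attack class × code location queue can be enforced in code before any task is dispatched. The sketch below is an added example, not Cloudflare's harness code: `HuntTask`, `build_queue`, the phrase list and all sample paths are hypothetical, and the sample Recon data is constructed.

```python
import re
from dataclasses import dataclass
from itertools import product
# Wording that re-opens scope; this phrase list is an assumption of the example.
OPEN_ENDED = re.compile(r"anything else|any (security )?issues?", re.I)
GENERIC_CLASSES = {"vulnerabilities", "security issues", "bugs"}

@dataclass(frozen=True)
class HuntTask:
    attack_class: str     # slot 1: one vulnerability type
    code_location: str    # slot 2: bounded code surface
    trust_boundary: str   # slot 3: produced by Recon
    repo_context: tuple   # slot 4: architecture doc and prior-coverage refs

    def problems(self):
        """Return the reasons this task is not strictly narrow (empty = OK)."""
        slots = {"attack_class": self.attack_class, "code_location": self.code_location,
                 "trust_boundary": self.trust_boundary}
        issues = [f"empty slot: {k}" for k, v in slots.items() if not v.strip()]
        if not self.repo_context:
            issues.append("empty slot: repo_context")
        if self.attack_class.strip().lower() in GENERIC_CLASSES:
            issues.append("attack class is generic")
        if OPEN_ENDED.search(" ".join(slots.values())):
            issues.append("open-ended wording re-introduces wander")
        return issues

    def prompt(self):
        if self.problems():
            raise ValueError("; ".join(self.problems()))
        return (f"Look for {self.attack_class} in {self.code_location}. "
                f"Trust boundary above it: {self.trust_boundary}. "
                f"Read first: {', '.join(self.repo_context)}.")

def build_queue(attack_classes, locations, covered, context):
    """Cross attack class x location; skip covered pairs, reject non-narrow tasks."""
    queue, rejected = [], []
    for cls, (loc, boundary) in product(attack_classes, locations.items()):
        if (cls, loc) in covered:
            continue  # prior coverage from Recon: do not re-hunt
        task = HuntTask(cls, loc, boundary, context)
        (rejected if task.problems() else queue).append(task)
    return queue, rejected

# Constructed sample Recon output; every path and name below is hypothetical.
LOCATIONS = {"api/export.py:run_export": "unauthenticated HTTP request body",
             "jobs/thumbnail.py:render": ""}  # boundary not yet characterised
COVERED = {("command injection", "api/export.py:run_export")}
CONTEXT = ("docs/architecture.md", "coverage/prior.json")
```

Tasks in the rejected list show which scope hints still have to be characterised upstream before those locations can be hunted.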
When this pattern is not the right answer
- Tasks where scope is genuinely unknown — early reconnaissance phase, initial threat-model exercise, or the Recon stage itself, which is structurally about exploration. The Recon stage of Cloudflare's harness uses a broader prompt because it's producing the scope hints the Hunt stage will use.
- Tasks where the agent's value is creative connection-making across the repo — narrow scope can prevent useful cross-cutting findings.
Numbers (Cloudflare)
- ~50 hunters running concurrently per scan run, each on one narrow task.
- Each hunter fans out to "a handful" of exploration sub-agents within the narrow task — intra-task fan-out.
Seen in
- sources/2026-05-18-cloudflare-project-glasswing-what-mythos-showed-us — canonical wiki articulation; the "narrow scope produces better findings" lesson and the verbatim prompt-shape example.
Related
- patterns/multi-stage-vulnerability-discovery-harness — the harness that composes narrow-scoped tasks at coverage.
- patterns/parallel-narrow-agents-over-exhaustive — the parallelism pattern this shape enables.
- patterns/specialized-reviewer-agents — the domain-axis-narrow sibling.
- patterns/agent-spawn-parallel-exploration — the performance-task sibling.
- concepts/single-agent-coverage-failure-on-large-repos — the failure mode narrow scope exists to bypass.
- concepts/agent-hyperfixation-failure-mode — the failure mode narrow scope mitigates by giving a correct first hypothesis.
- systems/cloudflare-vulnerability-discovery-harness — the system that uses this pattern at the Hunt stage.