98 findings across 3 projects · 108K+ GitHub stars

We think AI security should be free.

We also think some problems need more than free can give.

Open-source tools for every developer. Self-service platform for growing teams. AI-powered consulting for when the stakes are real.

ai-sec audit
$ ai-sec audit --repo github.com/acme/webapp
Cloning repository... done
Analyzing 1,247 files across 18 modules... done
Mapping auth flows & trust boundaries... done
OWASP ASVS L2 checklist (286 controls)... done
Cross-referencing findings... done
── RESULTS ──────────────────────────────
  CRITICAL   3   Broken auth flow, plaintext secrets
  HIGH       7   IDOR, missing access controls
  MEDIUM    12   Rate limiting, session mgmt
  LOW        5   Informational
  Full report: ./audit-report-2026-03-31.md
Open Source

Our gift to make AI development safer.

We believe every developer deserves access to AI security analysis. So we open-sourced our audit engine — the same technology that found 98 vulnerabilities across maybe-finance, Documenso, and Hoppscotch.

It's not a teaser. It's not feature-gated. It runs in your IDE, analyzes your entire codebase, and finds real issues. Clone it, run it, ship safer code.

  • Claude Code skill — run /audit in your IDE
  • 5 specialized agents (web, API, CI/CD, infra, mobile)
  • OWASP Top 10 coverage
  • Finds ~60-70% of what a full audit catches
  • No account, no tracking, no strings

We audited 3 open-source projects with 108K+ combined GitHub stars and found 98 real vulnerabilities. The tool is real.

Self-Service Platform

The free tool scans. The platform hunts.

A single-pass scan catches a lot. But real security requires orchestration.

Our platform runs multi-step hardened workflows: it scans your codebase, identifies potential issues, then re-tests from different angles. It chains attack paths across modules. It retests after you fix. It monitors continuously on every PR.

That orchestration is why it's not free — it's a fundamentally different kind of analysis.

  • Multi-step audit workflows with retesting
  • Attack path chaining across your codebase
  • Continuous monitoring — scan on every PR
  • Fix verification — confirm your patches work
  • CI/CD integration (GitHub Actions, GitLab CI)
  • Team dashboard with trend tracking

$299/mo — launching soon

AI-Powered Consulting

What a security audit should feel like in 2026.

For regulated industries, pre-acquisition due diligence, or enterprise compliance — you need more than a scan.

We deploy AI-assisted analysis across your entire stack: source code, deployed artifacts, runtime behavior, infrastructure configuration. Our multi-level AI simulators probe your architecture the way a real attacker would — not one pattern at a time, but holistically.

This is an AI-empowered red team. Human expertise directing AI capabilities. From code to cloud to runtime.

  • AI-assisted analysis — not just human eyeballs on code
  • Multi-level AI simulators against deployed infrastructure
  • AI-powered red team exercises (not just automated scanning)
  • Code → infrastructure → runtime → business logic coverage
  • OWASP ASVS L2/L3 + CIS benchmarks + compliance mapping
  • SOC 2, ISO 27001, PCI DSS evidence artifacts
  • Remediation verification — we confirm the fixes work

Built by auditing a VARA-regulated crypto exchange. 87+ findings across 2 full iterations. This methodology is production-hardened, not theoretical.

Startup $3,500 → Standard $15K → Enterprise from $30K

Each tier feeds the next.

Developers discover AI-Sec via the open-source tool. They find real issues. They try the platform for deeper analysis. Some need consulting for compliance or high-stakes launches. Consulting produces case studies that fuel content that drives more open-source adoption.

Open Source → Platform → Consulting → Case Studies → everyone gets safer

Don't take our word for it. Read the audits.

We audited 3 popular open-source projects and published the results. 98 findings total.

  • maybe-finance (35K ★) · 5 critical · 6 high: OTP secrets and Plaid tokens stored in plaintext
  • Documenso (8K ★) · 1 critical · 3 high: Encryption key validation commented out in production
  • Hoppscotch (65K ★) · 3 high · 3 medium: IDOR + unauthenticated infrastructure takeover

Built by

Sergey Kovalev

CTO at a VARA-regulated crypto exchange

AI-Sec wasn't built by a security vendor. It was built by someone who runs engineering, ships product, and needed to audit his own code. 87+ findings across 2 full iterations on a production fintech platform.

Your code is live. Is it secure?

Start free.

Clone the open-source tool and run /audit right now. No account needed.

View on GitHub →

Talk to us.

Book a 30-minute call. We'll scope what you actually need. No sales pitch — just answers.

Book a call →